Server 2012R2 DNS server returning SERVFAIL for some AAAA queries

I’ve looked into the network trace some more and done some reading.
The request for the AAAA record, when non-existent, returns an SOA.
Turns out the SOA is for a different domain than that being requested. I suspect that’s why Windows is rejecting the response.
Request AAAA for mx.atomwide.com.
Response SOA for lgfl.org.uk.
I will see if we can make some progress with this information.
EDIT: Just for future reference, temporarily turning off “Secure cache against pollution” will allow the query to succeed. Not ideal, but proves the issue is with a dodgy DNS record.
RFC4074 is also a good reference – Intro and Section.

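The mismatch described in the post (an AAAA query for mx.atomwide.com answered with an SOA owned by lgfl.org.uk) can be checked for in a captured reply. This is an added example, not part of the original post: it parses a raw DNS message and flags any authority-section SOA whose owner is not the queried name or one of its parent zones. The message bytes, the `build` helper and the SOA field values are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name -> (lowercased labels, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return labels, (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n

def is_ancestor(owner, name):
    """True if owner is name itself or a parent zone, compared label by label."""
    return len(owner) <= len(name) and name[len(name) - len(owner):] == owner

def soa_mismatch(msg):
    """Return (qname, soa_owner) for an authority SOA outside the queried name's tree."""
    _id, _flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)               # assumes a single question
    off += 4                                      # skip QTYPE and QCLASS
    for i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 6 and not is_ancestor(owner, qname):
            return ".".join(qname), ".".join(owner)
    return None

def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build(qname, soa_owner):
    """Constructed NODATA reply: one AAAA question, one SOA in the authority section."""
    rdata = (enc("ns." + soa_owner) + enc("hostmaster." + soa_owner)
             + struct.pack("!5I", 1, 3600, 600, 86400, 300))   # made-up SOA fields
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 0, 1, 0)
            + enc(qname) + struct.pack("!HH", 28, 1)
            + enc(soa_owner) + struct.pack("!HHIH", 6, 1, 300, len(rdata)) + rdata)

print(soa_mismatch(build("mx.atomwide.com", "lgfl.org.uk")))
print(soa_mismatch(build("mx.atomwide.com", "atomwide.com")))
```

The comparison is done on whole labels rather than with a string suffix test, so an SOA for atomwide.com is not accepted for a name under notatomwide.com.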