DNS lookup over vpn not working 22.04

Asked by Christopher Hall

Tested: works on 20.04, works on 18.04, works from Windows, does not work on Ubuntu 22.04.
Works on later releases of other distros like Fedora or Manjaro.

Can manually ping domain controller addresses across the VPN, but cannot ping them by name.

Expected: resolution and successful ping
Happens: can't resolve the name
Version: Ubuntu 22.04 LTS

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Christopher Hall

This question was originally filed as bug #1978705.

#1 Erich Eickmeyer (eeickmeyer) said:

Thank you for taking the time to report this issue and helping to make Ubuntu better. Examining the information you have given us, this does not appear to be a bug report so we are closing it and converting it to a question in the support tracker. We understand the difficulties you are facing, but it is better to raise problems you are having in the support tracker at https://answers.launchpad.net/ubuntu if you are uncertain if they are bugs. You can also find help with your problem in the support forum of your local Ubuntu community http://loco.ubuntu.com/ or asking at https://askubuntu.com or https://ubuntuforums.org. For help on reporting bugs, see https://help.ubuntu.com/community/ReportingBugs.

#2 Christopher Hall (christopher88hall) said (last edit):

I guess this got moved over here.

Here's what I know so far: this setup works on everything I have tried it on except Ubuntu version 22.04.

We have a router that forwards requests for a domain across an L2TP/IPsec tunnel. I can hit IP addresses of these domain controllers across the tunnel. The request routing for the domain does not work.

Again, it works on literally everything but Ubuntu version 22.04, both older Ubuntus and newer distros like Fedora and Manjaro. So it's very likely not a configuration issue, unless it's the configuration of 22.04 out of the box. It is just not working for this specific distro on this specific version.

Testing was done on brand new installs across the board.

#3 Christopher Hall (christopher88hall) said (last edit):

This can be closed. It's a "feature".

Evidently this is by design, since 2016. I am guessing some fixes were applied in the last LTS that didn't make it to 22.04 LTS. If anyone finds this thread: this is a systemd-resolved design decision that breaks single-label lookups, and resolution of .local DNS, on purpose.

Poettering : resolved will never allow single-label lookups to leak onto unicast DNS, i.e. the Internet. It will resolve them only via LLMNR or expand them via the search list if one is configured. This is in-line with what Internet bodies such as the IAB suggest for single-label names:
Basically, single-label hostnames are considered "private", something that should be made sense of locally only, and as such should never end up on the public Internet.

Basically your single-label names or whatever.local never get to DNS; they are essentially blackholed.

This is 100% incorrect because DNS doesn't equal the Internet. You can be using a domain controller to resolve domain things, you can be using a router to route DNS across a VPN. Refusing to even put these out on DNS requests breaks widespread network designs.

Make sure dns is in front of [NOTFOUND=return] in your /etc/nsswitch.conf.

Apply this from the systemd manual:
systemd-resolved maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional Linux programs. This file may be symlinked from /etc/resolv.conf and is always kept up-to-date, containing information about all known DNS servers. Note the file format's limitations: it does not know a concept of per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that /run/systemd/resolve/resolv.conf should not be used directly by applications, but only through a symlink from /etc/resolv.conf. If this mode of operation is used local clients that bypass any local DNS API will also bypass systemd-resolved and will talk directly to the known DNS servers.

sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Restart NetworkManager and systemd-resolved, and now your DNS will function like it has for everything else, and is supposed to.
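A small helper for the two settings the post above touches (the hosts: ordering in /etc/nsswitch.conf and where /etc/resolv.conf points), added here as an example and not taken from the thread. The sample hosts: line is constructed to mirror a default 22.04 install, which is an assumption; compare it with your own file.

```shell
#!/bin/sh
# Added example: check and rewrite the nsswitch.conf "hosts:" ordering so
# "dns" comes before [NOTFOUND=return], and classify the resolv.conf link.
set -f   # no globbing: "[NOTFOUND=return]" must stay a literal token

# Constructed sample of a stock Ubuntu 22.04 hosts: line (assumption).
SAMPLE_HOSTS_LINE='hosts:          files mdns4_minimal [NOTFOUND=return] dns'

# 0 if "dns" precedes "[NOTFOUND=return]" (or no marker exists), else 1.
# With dns after the marker, a .local name that mdns4_minimal cannot
# answer stops the lookup before the VPN-forwarding DNS server is asked.
hosts_dns_before_notfound() {
  i=0; dns_pos=""; nf_pos=""
  for tok in ${1#hosts:}; do
    i=$((i + 1))
    case "$tok" in
      dns) [ -z "$dns_pos" ] && dns_pos=$i ;;
      '[NOTFOUND=return]') [ -z "$nf_pos" ] && nf_pos=$i ;;
    esac
  done
  [ -n "$dns_pos" ] || return 1
  [ -n "$nf_pos" ] || return 0
  [ "$dns_pos" -lt "$nf_pos" ]
}

# Print the line with "dns" moved (or added) right before the marker.
fix_hosts_line() {
  if hosts_dns_before_notfound "$1"; then printf '%s\n' "$1"; return 0; fi
  out="hosts:"; placed=0
  for tok in ${1#hosts:}; do
    case "$tok" in
      dns) ;;                                 # dropped; re-inserted below
      '[NOTFOUND=return]')
        if [ "$placed" -eq 0 ]; then out="$out dns"; placed=1; fi
        out="$out $tok" ;;
      *) out="$out $tok" ;;
    esac
  done
  [ "$placed" -eq 1 ] || out="$out dns"     # no marker: append dns
  printf '%s\n' "$out"
}

# "stub": queries stay inside systemd-resolved (127.0.0.53).
# "direct": the thread's fix; every query goes straight to all listed
# servers and bypasses resolved, as the quoted manual text warns.
resolv_mode() {
  case "$1" in
    /run/systemd/resolve/stub-resolv.conf) echo stub ;;
    /run/systemd/resolve/resolv.conf)      echo direct ;;
    *)                                     echo other ;;
  esac
}

# Read-only report for this host.
if [ -L /etc/resolv.conf ]; then
  echo "resolv.conf: $(resolv_mode "$(readlink /etc/resolv.conf)")"
fi
```

Run it as a normal user to inspect; it prints and rewrites nothing in /etc, so apply `fix_hosts_line` output to /etc/nsswitch.conf yourself once you have reviewed it.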