A strange issue with split DNS that's been annoying me for ages: DHCP DNS points to my AdGuard (primary) and my home router (secondary). Both have DNS rewrites for my local home domain servers to the LAN IP.
This works perfectly for all devices except my Ubuntu laptop. This randomly decides to find the external DNS entries for those services, which point to the external interface of my router and fail (I need this for Let's Encrypt). If I statically set my DNS to the right DNS server it does the same thing: flush the cache and an nslookup works the first time you run it, but the second time it's switched back.
Digging into it has left me in loops and rabbit holes, so I figured I'd ask if anyone else can help me make sense of it.
If I edit /etc/resolv.conf from 127.0.0.53 to my DNS server this is fine... until I'm on another Wi-Fi network.
nmcli
DNS configuration:
servers: 192.168.1.85 192.168.1.1
domains: localdomain
interface: wlp195s0
nslookup ha.test.co.uk
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
ha.test.co.uk canonical name = fake.test.co.uk.
Name: fake.test.co.uk
Address: 199.199.199.199
nslookup ha.test.co.uk 192.168.1.85
Server: 192.168.1.85
Address: 192.168.1.85#53
Non-authoritative answer:
Name: ha.test.co.uk
Address: 192.168.1.85
Running resolvectl status
Link 2 (wlp195s0)
Current Scopes: DNS
Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
DNS Servers: 192.168.1.85 192.168.1.1
DNS Domain: localdomain
Default Route: yes
So it seems that, for whatever reason, my machine has decided to use the router DNS service, which is my backup.
nslookup ha.test.co.uk 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: ha.test.co.uk
Address: 192.168.1.85
ha.test.co.uk canonical name = fake.test.co.uk.
The router has both the internal and external records (this is by default; I've got internal rewrites on there for the local LAN), and Ubuntu is using the secondary DNS server, then from this using the secondary DNS entries... confusing!
I've read around this as much as I can and looked at disabling the loopback resolver, but that broke DNS totally.
Anyone any ideas?
Asked by Michael Kennedy
(41 rep)
Jun 28, 2025, 05:14 PM
Last activity: Jun 29, 2025, 10:54 AM
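An added example (my own shell script, not part of the question or of any answer on this page). It covers the two things the question runs into: systemd-resolved keeps no primary/secondary distinction, it uses one of the listed servers until that one fails to answer, then moves to the next and stays there, which is why 192.168.1.1 shows up as "Current DNS Server" even though 192.168.1.85 is listed first; and because the router returns both the rewritten A record and the external CNAME, any client that lands on it can end up at the public address. The script's first helper detects that drift from "resolvectl status" output; the second generates the nmcli commands that make one NetworkManager connection profile ignore the DHCP-supplied resolvers and use AdGuard only, so other Wi-Fi networks keep their own DNS. Assumptions: the home profile is named "Home" (hypothetical; "nmcli connection show" lists the real name), the sample status text is constructed from the output in the question, and the link name and addresses are the ones in the question.

```shell
#!/bin/sh
# Added example, not from the original post.
# 1) link_dns_drift: report when systemd-resolved has failed over away from the
#    first server listed for a link (resolved treats the list as equal
#    alternatives and stays on whichever server last answered).
# 2) pin_connection_dns: build the nmcli commands that make one NetworkManager
#    connection profile ignore DHCP/RA-supplied resolvers and use only the given
#    ones, leaving every other profile (other Wi-Fi networks) unchanged.

# Usage: link_dns_drift LINK < output-of-"resolvectl status"
# Prints "LINK current=X first=Y"; exit 0 if X == Y, 1 if resolved has drifted,
# 2 if the link or its DNS lines were not found.
link_dns_drift() {
    awk -v want="$1" '
        /^[ \t]*Link [0-9]+ \(/ { inlink = (index($0, "(" want ")") > 0) }
        inlink && /Current DNS Server:/ { cur = $NF }
        inlink && /DNS Servers:/        { first = $3 }
        END {
            if (cur == "" || first == "") { print "no DNS data for link " want; exit 2 }
            printf "%s current=%s first=%s\n", want, cur, first
            exit (cur == first) ? 0 : 1
        }'
}

# Usage: pin_connection_dns CONNECTION RESOLVER [RESOLVER...]
# Emits the nmcli commands on stdout; review them, then pipe into "sudo sh" to apply.
# ignore-auto-dns drops the DHCP-supplied list (the router), so only RESOLVER(s)
# are handed to systemd-resolved for this profile. IPv6 RA-supplied resolvers are
# dropped too, otherwise the router can come back in through that path.
pin_connection_dns() {
    conn=$1; shift
    list=$(IFS=,; printf '%s' "$*")   # nmcli takes a comma-separated list
    printf "nmcli connection modify '%s' ipv4.ignore-auto-dns yes ipv4.dns '%s'\n" "$conn" "$list"
    printf "nmcli connection modify '%s' ipv6.ignore-auto-dns yes\n" "$conn"
    printf "nmcli connection up '%s'\n" "$conn"
    printf "resolvectl flush-caches\n"
}

# Constructed sample, shaped like the "resolvectl status" output in the question.
SAMPLE_STATUS='Link 2 (wlp195s0)
    Current Scopes: DNS
         Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.85 192.168.1.1
        DNS Domain: localdomain'

# Stand-alone demo; on a live system use:  resolvectl status | link_dns_drift wlp195s0
if printf '%s\n' "$SAMPLE_STATUS" | link_dns_drift wlp195s0; then
    echo "resolved is on the first-listed server; no drift"
else
    echo "resolved has drifted to a fallback server; pin the profile with:"
    pin_connection_dns Home 192.168.1.85   # "Home" is a hypothetical profile name
fi
```

After applying the generated commands, "resolvectl status" should list only 192.168.1.85 for wlp195s0, and "resolvectl query ha.test.co.uk" should return the LAN address with no CNAME; the DHCP list still applies on any other network because the change lives in the home profile only.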