this makes a case for using 'bind'
I've never had a problem setting up nor using bind to serve up any kind of serious DNS stuff, like a local LAN or a private domain name.
The only thing I've ever used dnsmasq for was a simple DNS+DHCP solution for a user to configure networking on a standalone embedded device via a phone or PC with a wifi connection. And since dnsmasq allows you to specify a single hard-coded name to connect to, you could set up the embedded device so that you press "the button" on the device for "config mode", use a phone to access it via wifi, then go to the web page "http://admin" (or whatever) and get a web page to configure it with, and have dnsmasq also provide the DHCP address for the connected device, etc.. Simple stuff like that seems to make sense with dnsmasq, and you have to press the right buttons on the device to make it go into config mode like that [after which the device would have its wifi client set up and would go off and connect through the LAN and use the LAN's DNS and DHCP, etc. and not its own]. So dnsmasq is never facing a public internet with this particular use.
Trying to use something like dnsmasq to do anything MORE than "what I described" might be the actual problem...
(for my own network I've been using bind and the isc DHCP server for both IPv4 and IPv6, no observed problems, and the bind server also handles DNS for a domain I own, and I've been doing this for almost 2 decades, though a bit less for the IPv6 part)
Biting the hand that feeds IT
