Got it.
https://www.linux.org/threads/solved-unbound-dns-server-strange-problem-resolving-opensuse-org.31299/
supplied the answer.
Rebooting the modem/router fixed the problem.
Things still work after:
- fallback of the client to Network Manager (with no DNS servers supplied)
- reactivating DoT on the modem/router.
- rebooting the client
What I absolutely do not understand is that there were three DNS
settings which did not work before I rebooted the modem/router:
- DoT with one primary name server
- DoT with another unrelated name server
- no DoT, the modem/router took its DNS settings from Vodafone
Other machines which use wicked and supply their own DNS server
IP-addresses all worked, as did the affected one when I made the same
change.
From the help text:
> Instructions: Enabling DNS over TLS (DoT)
>
> Select the "Encrypted name resolution in the internet (DNS over TLS)" setting.
> In the "Resolved Names of the DNS Servers" field, enter one or more DNS servers.
> Click on "Apply".
> Confirm that this change should be executed as soon as you are prompted to do so.
>
> DNSv4 and DNSv6 when DNS over TLS (DoT) Enabled
>
> Enabling DNS over TLS does not require any changes to the "DNSv4" or "DNSv6" settings.
>
> The DNS servers listed under "DNSv4" or "DNSv6" will still be used for DNS queries. They are needed for name resolution by the DNS-over-TLS server and for internal purposes.
> Encrypted name resolution in the internet (DNS over TLS)
>
> This setting is disabled in the settings preconfigured for the FRITZ!Box.
>
> When this setting is disabled, the FRITZ!Box sends DNS queries to the DNS servers listed under "DNSv4" and "DNSv6" in encrypted form.
>
> When this setting is enabled, the FRITZ!Box first determines the IP addresses of the servers listed under "Resolved Names of the DNS Servers". This is done by means of a non-encrypted query to the DNS servers entered under "DNSv4" and "DNSv6". The FRITZ!Box sends the encrypted DNS queries to the IP addresses of the servers listed under "Resolved Names of the DNS Servers".
(the DNSv4 and DNSv6 settings both specify using the defaults for the ISP).