Yet another development:

TCP DNS queries work just fine, as confirmed by getting a response by issuing dig +tcp @server_ip
UDP queries are not even getting to the server.