Hi Sourav, I'll go through your output - and what each bit means. And how it stands with the best guess that its a time msimatch that is causing DNSSEC to fail, and so loose all name lookup.
$this->bbcode_second_pass_code('', 'timedatectl status
System clock synchronized: yes
NTP service: active')
This says you are using NTP, and that the NTP has syncronised. This means your internal clock should be good to something like 1ms. This should be easily good enough for DNSSEC. So your time shouldn't be a problem.
$this->bbcode_second_pass_code('', 'resolvectl status
Link 3 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 8.8.8.8
DNS Servers: 203.147.91.2
8.8.8.8
203.147.88.2
DNS Domain: ~.
domain.name')
So you are using DNSSEC but in the allow-downgrade, which means if the far DNS server doesn't do DNSSEC (and few seem to these days) that you still use the DNS lookup.
Only odd bit is the DNS server, 8.8.8.8 is google - which is a good back up, but I prefer something local if possible. 203.147.* is Meghbela Broadband in India, is this your ISP? If so would be best.
Its a pity we can't say how systemd-resolved got the DNS servers, it usually give pripority to DHCP, so when that contains a DNS server that is used. E.g. my desktop has "Current DNS Server: 192.168.2.1" the address of my router. My router has: "DNS 1: 212.159.6.9 DNS 2: 212.159.6.10", which is what my local ISP gives me when my router connects, so good for me (but probably not for anyone else).
So this all says, from timing we would expect your connection to work, other than you need to go to google to get any names. So if you still had a problem with lookups, with those settings - its says we havn't got to the bottom of the problem. It says the next thing we probably should try is switching off DNSSEC totally, as changing that to allow-downgrade is I think the recent change where problems started.
Now /etc/systemd/timesyncd.conf
$this->bbcode_second_pass_code('', '
[Time]
NTP=0.arch.pool.ntp.org
FallbackNTP=1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
')
Is good - it means we *know* that the default NTP server tried is 0.arch.ntp.org. To make sure we know its number you can do
$this->bbcode_second_pass_code('', 'drill 0.arch.pool.ntp.org') which will give you several possible IP numbers for the machine (and those numbers will vary!). This doesn't matter choose one, and add it /etc/hosts with the same name as the default NTP host 0.arch.pool.ntp.org. This means you can always attach to an NTP host to set the time on your machine.
Anyway how to totally switch off DNSSEC - its in a post from few months ago, in the file /etc/systemd/resolved.conf uncomment the DNSSEC line (remove the # at the sart) then change it to "DNSSEC=false". It means you won't do any DNSSEC, and the moment its not much of a problem, as its so rarely suported, so this change is worth trying to see if it helps.
https://archlinuxarm.org/forum/viewtopic.php?f=9&t=14056&hilit=DNSSEC