I see errors with DNSSec in the logs.
And now I see that the last dig command does not return a DNSSec sig.
It looks like your Internet provider or something on your network is blocking DNSSec.
Can you try to modify config.json inside ./sandbox enter algod to disable DNSSec:
that is add something like
"DNSSecurityFlags": 0
in it.
See also Problem with node sync