Centos only taking first DFS referral

Question

$ umount -a:
Linux server01 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

I am able to successfully mount a DFS file share using the following command:

$ sudo mount.cifs \\\\domain.com\\share /mnt/share -o username=user

$ mount | grep domain
\\domain.com\share on /mnt/share type cifs (rw,relatime,vers=default,cache=strict,username=user,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.10,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

here's an output from DFSutil.exe on windows showing the valid referrals:

C:/> dfsutil /pktinfo
Entry: \domain.com\share
ShortEntry: \domain.com\share
Expires in 260 seconds
UseCount: 0 Type:0x8081 ( REFERRAL_SVC DFS FAILBACK_ENABLED )
   0:[\DFS-02\Share] AccessStatus: 0 ( ACTIVE TARGETSET )
   1:[\DFS-01\Share] ( TARGETSET )

If I simulate a failure of the primary server (10.0.0.10), I am not able to mount the share, even though the second referral is valid. I've included the verbose command output:

sudo iptables -I OUTPUT -j DROP -d DFS-02.domain.com
sudo mount.cifs \\\\domain.com\\share /mnt/share -o username=user --verbose
Password for user@\domain.com\share:  *****
mount.cifs kernel mount options: ip=10.0.0.4,unc=\\domain.com\share,user=user,pass=********
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
sudo tail /var/log/messages
May 30 11:50:52 server01 kernel: CIFS VFS: BAD_NETWORK_NAME: \\domain.com\share

10.0.0.4 is my DC. I can manually force a switch by re-prioritizing DFS referrals on the windows side, but the point of our DFS here is to automatically roll over to a valid server. The windows clients are able to do this by default. We recently had one of the DFS servers go down, causing more issues than we expected.

Is there a configuration or package for cifs I probably missed? Do DFS referrals work correctly on other flavors?

Not a duplicate of this 2013 question, which has no answer and references a broken link. Doesn't seem related to older issues where older keyutils (<1.5) dns_resolver entries needed to be added to use cifs.upcall.