The nslookup utility is a tool used *by* SMG, but it is not an SMG tool; that is, it is a basic linux tool that belongs to the underlying OS. In other words, by repeating the issue in nslookup, you are showing that the issue is not related to SMG, but is a problem somewhere else.
SMG and nslookup can both resolve much larger MX pools than what you have posted. Since the error is a timeout, I would imagine that you should start investigating your network.
It would be best to test directly from the Scanner(s) using the command line. If your Scanners can communicate on UDP port 53 to the internet, or if you have access to other DNS servers, you can test directly to other servers from within the nslookup utility command shell:
smg> nslookup
> server
Default server: 127.0.0.1
Address: 127.0.0.1#53
> set type=mx
> sanofi.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
sanofi.com mail exchanger = 5 XSPZ10F562B.sanofi.com.
... (snipping the remainder of the nslookup response for brevity)
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> sanofi.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
sanofi.com mail exchanger = 5 XSPZ10P120B.sanofi.com.
... (snipping the remainder of the nslookup response for brevity)
In the above example my commands are bolded and nslookup responses are italicized (I snipped the response since you have already posted it). I switched to Google's public DNS for testing using nslookup's server command (> server 8.8.8.8). You can have nslookup try and resolve from any DNS server in this way.