mieqq Okay, I did some tweaking and figured a bug when Surge switches between resolver/bootstraps due to latency.
dns-server = 220.127.116.11, 18.104.22.168
it resolves to:
CLoudflareNet 0000 0000
OPENDNSINC and so on,
After switching to fastest resolver, it goes back to NEXTDNS again and normal
to keep track of the DNS resolution process by Surge because this is the only DNS check site that keeps your DNS resolution alive under "active connection" tab for a long time up to 15 minutes, I monitored it and I figured the slight leakage.
So, best option is to use a single resolver. e.g.
dns-server = 22.214.171.124
but I hijacked both on :53
hijack-dns = 126.96.36.199:53, 188.8.131.52:53
Hijacking DNS using *:53 results to loop in my configuration and then google takes over with wrong IP address location lol. Thank you for your time today, that was really helpful.