@SurgeTeam On Surge iOS 5.16.2, please note that the local DNS mapping of the DoQ and DoT hostnames does not match in the [Host] section, while DoH3 and DoH match. E.g.:
[General]
encrypted-dns-server = h3://anycast.dns1.nextdns.io/NextDNSID/babs%20ios3, quic://babsiosq-NextDNSID.dns1.nextdns.io, tls://BabsiOSt-NextDNSID.dns1.nextdns.io, https://anycast.dns1.nextdns.io/NextDNSID/Babs%20iOS2
[Rule]
AND, ((OR, ((SUBNET,SSID:"GLi 5.0"), (SUBNET,SSID:"GLi 2.4"), (SUBNET,SSID:GL*))), (OR, ((IP-CIDR,0.0.0.0/32), (IP-CIDR6,::/128)))),REJECT,pre-matching //this is used to trigger local DNS look up in [Host]
PROTOCOL,DOH,DoH2
PROTOCOL,DOH3,DoH3
PROTOCOL,DOQ,DoQ
PROTOCOL,DOT,DoT
[Host]
#PRIMARY ANYCAST UNIQUE DOH3 BOOTSTRAP
#=====================================
#[ip-version=v4-only]
doh3.dns1.nextdns.io = 45.90.28.0
#OR
#[ip-version=dual]
#doh3.dns1.nextdns.io = 45.90.28.0, 2a07:a8c0::
#PRIMARY ANYCAST DOH2(DOH3) BOOTSTRAP
#====================================
#[ip-version=v4-only]
anycast.dns1.nextdns.io = 45.90.28.0
#OR
#[ip-version=dual]
#anycast.dns1.nextdns.io = 45.90.28.0, 2a07:a8c0::
#PRIMARY ANYCAST DOQ BOOTSTRAP
#=============================
#[ip-version=v4-only]
babsiosq-NextDNSID.dns1.nextdns.io = 45.90.28.0
#OR
#[ip-version=dual]
#babsiosq-NextDNSID.dns1.nextdns.io = 45.90.28.0, 2a07:a8c0::
#PRIMARY ANYCAST DOT BOOTSTRAP
#=============================
#[ip-version=v4-only]
BabsiOSt-NextDNSID.dns1.nextdns.io = 45.90.28.0
#OR
#[ip-version=dual]
#BabsiOSt-NextDNSID.dns1.nextdns.io = 45.90.28.0, 2a07:a8c0::
If you visit "test.nextdns.io" in Safari or any browser on iOS repeatedly when Surge iOS is active, you will see that DOH3 and DOH have "anycast:true" because they follow the IP mapping in [Host], while DOQ and DOT have "anycast:false" because they do not follow the IP mapping in [Host].
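To rule out a missing or misspelled [Host] entry as the cause, the check below cross-references every `encrypted-dns-server` URL against the [Host] section of a profile. It is an added example, not part of the original post and not Surge's resolver logic; the function names are hypothetical, the sample is constructed from the lines posted above, and comparing hostnames case-insensitively is this example's assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the profile posted above.
SAMPLE = """\
[General]
encrypted-dns-server = h3://anycast.dns1.nextdns.io/NextDNSID/babs%20ios3, quic://babsiosq-NextDNSID.dns1.nextdns.io, tls://BabsiOSt-NextDNSID.dns1.nextdns.io, https://anycast.dns1.nextdns.io/NextDNSID/Babs%20iOS2
[Host]
#[ip-version=v4-only]
doh3.dns1.nextdns.io = 45.90.28.0
anycast.dns1.nextdns.io = 45.90.28.0
babsiosq-NextDNSID.dns1.nextdns.io = 45.90.28.0
BabsiOSt-NextDNSID.dns1.nextdns.io = 45.90.28.0
"""

def parse_sections(text):
    """Split a Surge-style profile into {section: [lines]}, skipping # comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def check_bootstrap(text):
    """Return {scheme: (hostname, mapped_ips or None)} per encrypted DNS URL."""
    sections = parse_sections(text)
    hosts = {}
    for line in sections.get("Host", []):
        name, _, value = line.partition("=")
        # Assumption of this example: hostnames are compared case-insensitively.
        hosts[name.strip().lower()] = [v.strip() for v in value.split(",")]
    result = {}
    for line in sections.get("General", []):
        key, _, value = line.partition("=")
        if key.strip() != "encrypted-dns-server":
            continue
        for url in value.split(","):
            parts = urlsplit(url.strip())
            # urlsplit().hostname is already lowercased.
            result[parts.scheme] = (parts.hostname, hosts.get(parts.hostname))
    return result
```

On the sample, all four schemes come back with a mapped address, so the profile text itself carries a [Host] entry for the DoQ and DoT hostnames as well as the DoH ones.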