0

Found a bug with nextdns - querying "AAAA" records for "steering.nextdns.io" usually (but not always) returns zero results

TL;DR - When querying my NextDNS profile's IPv6 server (from the Settings page), AND looking up AAAA type records, AND only for steering.nextdns.io - about 4/5 of the time NextDNS will answer with zero records found. The other fifth of the time it does return IPv6 addresses for steering.nextdns.io.

In contrast it works 100% of the time for "A" type records for steering.nextdns.io, OR looking up AAAA type records for any other hosts that have them.

I found this because I had noticed that for my apple devices with configuration profiles, most of my queries to nextdns were coming from their IPv4 addresses instead of IPv6 which in general should be preferred. So it was working, but weird, so I looked into it.

Example:

As an example below are two dig commands run from my Mac, two seconds apart, with no configuration changes in between. The DNS server specified is the one for my profile from the nextdns settings page.

> dig @2a07:a8c1::my:prof -t AAAA steering.nextdns.io
; <<>> DiG 9.10.6 <<>> @2a07:a8c1::my:prof -t AAAA steering.nextdns.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12825
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;steering.nextdns.io.        IN    AAAA
;; Query time: 16 msec
;; SERVER: 2a07:a8c1::my:prof#53(2a07:a8c1::my:prof)
;; WHEN: Sat Mar 21 22:24:21 AEST 2026
;; MSG SIZE  rcvd: 48

> dig @2a07:a8c1::my:prof -t AAAA steering.nextdns.io
; <<>> DiG 9.10.6 <<>> @2a07:a8c1::my:prof -t AAAA steering.nextdns.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58544
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;steering.nextdns.io.        IN    AAAA
;; ANSWER SECTION:
steering.nextdns.io.    60    IN    AAAA    2a00:11c0:94:8::1
steering.nextdns.io.    60    IN    AAAA    2401:3cc0:3:1:3eec:efff:fe27:f595
;; Query time: 18 msec
;; SERVER: 2a07:a8c1::my:prof#53(2a07:a8c1::my:prof)
;; WHEN: Sat Mar 21 22:24:23 AEST 2026
;; MSG SIZE  rcvd: 104

 

 

For testing I tried with a new profile that was default (still had the issue), and then turning off everything in that profile (still had the issue).

And FWIW, NextDNS Test from the same Mac:

{
"status": "ok",
"protocol": "DOH",
"profile": "xxxxxxx",
"client": "xx.xx.xx.xx",
"srcIP": "2401:d005:xxxx:xxxx:xxxx:xxxx:xxxx:ef75",
"destIP": "103.137.12.7",
"anycast": false,
"server": "gsl-bne-1",
"clientName": "apple-profile",
"deviceName": "Minnie",
"deviceID": "18FVF"
} (empty)

 

 

And NextDNS Ping Test:

gsl-bne (IPv6)      14 ms  (anycast1)
anexia-bne (IPv6)   15 ms  (anycast2)
anexia-bne          15 ms  (anycast2)
*gsl-bne             15 ms  (anycast1)
zetta-bne           16 ms
vultr-syd (IPv6)    31 ms  (ultralow2)
vultr-syd           33 ms  (ultralow2)
gsl-mel             41 ms
gsl-syd (IPv6)      42 ms  (ultralow1)
gsl-mel (IPv6)      43 ms
vultr-mel           43 ms
vultr-mel (IPv6)    43 ms
gsl-syd             43 ms  (ultralow1)
gsl-adl             48 ms
zetta-adl           51 ms
gsl-adl (IPv6)      51 ms
anexia-per (IPv6)   78 ms
anexia-per          79 ms

 

Reply

null
Login to reply

Content aside

  • 3 days agoLast active
  • 8Views
  • 1 Following