Insecure Delegation of steering.nextdns.io
Using the tool at https://dnsviz.net, I can see that there is an insecure delegation from nextdns.io to steering.nextdns.io (CNAME dns.nextdns.io).
Consequently, systemd fails DNSSEC when queried about dns.nextdns.io.
Upon further investigation, I also cannot verify the authenticity of a delegated DNS server IP: 167.88.171.10.
167.88.171.10 reports as belonging to RouterHosting LLC, now Cloudzy (cloudzy.com).
Using the setup guide at https://my.nextdns.io/<id>/setup, I have successfully configured both systemd with resolvectl on Linux Mint and iOS 17 using the generated Apple configuration profile. Everything works as expected EXCEPT when I try to verify I am talking to the DNS server I expect.
To verify, I am configured in /etc/systemd/resolved.conf with:
[Resolve]
DNS=45.90.28.1#<my-id>.dns.nextdns.io
DNS=2a07:a8c0::<my-ipv6>#<my-id>.dns.nextdns.io
DNS=45.90.30.1#<my-id>.dns.nextdns.io
DNS=2a07:a8c1::<my-ipv6>#<my-id>.dns.nextdns.io
DNSOverTLS=yes
DNSSEC=yes
And the equivalent iOS configuration profile.
Any assistance would be appreciated. Relevant docs from ish shell and web tools attached.
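An added example (not part of the original post, and not NextDNS or systemd code): a small audit of a resolved.conf like the one above. It checks that DNSOverTLS and DNSSEC are set to strict mode and that every DNS= entry carries the #server_name that systemd-resolved uses to validate the server certificate. The profile id, the IPv6 suffix and the unpinned 192.0.2.53 entry are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the post's resolved.conf: the id "abc123" and
# the IPv6 suffix are made up, and 192.0.2.53 is a deliberately unpinned entry.
SAMPLE = """[Resolve]
DNS=45.90.28.1#abc123.dns.nextdns.io
DNS=2a07:a8c0::ab:c123#abc123.dns.nextdns.io 192.0.2.53
DNSOverTLS=yes
DNSSEC=yes
"""
STRICT = ("yes", "true", "1", "on")

def parse_server(entry):
    """Split one DNS= item of the form address[:port][%ifname][#server_name]."""
    rest, _, name = entry.partition("#")
    rest = rest.partition("%")[0]
    if rest.startswith("["):            # [IPv6]:port
        rest = rest[1:rest.index("]")]
    elif rest.count(":") == 1:          # IPv4:port
        rest = rest.split(":")[0]
    return str(ipaddress.ip_address(rest)), name or None

def audit(text):
    """Return (servers, findings) for the [Resolve] section of a resolved.conf."""
    servers, opts, section = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "Resolve" and "=" in line and line[0] not in "#;":
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "DNS":
                servers += [parse_server(e) for e in value.split()]
            else:
                opts[key] = value.lower()
    findings = []
    if opts.get("DNSOverTLS") not in STRICT:
        findings.append("DNSOverTLS is not 'yes': server is not authenticated")
    if opts.get("DNSSEC") not in STRICT:
        findings.append("DNSSEC is not 'yes': validation can be skipped or downgraded")
    findings += [f"{addr}: no #server_name, certificate is checked against the IP"
                 for addr, name in servers if name is None]
    return servers, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print(finding)
```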