Modern operating systems and browsers increasingly perform DNS resolution in ways that generate multiple queries for the same domain. These "duplicate-looking" DNS queries are not an error, nor are they specific to DNSFilter. They are a standard part of how DNS resolution works today—especially when using DNS-over-HTTPS (DoH).

What's causing the duplicate queries?

Across all DNS filtering platforms, users may see multiple DNS queries for a single domain, often occurring at the same timestamp. This is normal, expected behavior due to:

1. Multiple Query Types

Clients typically issue both A (IPv4) and AAAA (IPv6) queries to ensure the fastest and most compatible connection. These are separate and valid queries, even if they target the same domain.

2. Parallel Resolution by Browser and OS

Modern browsers like Chrome and Firefox can independently initiate their own DNS lookups—often using DoH—even when the operating system has already done so. This can result in 2–6 queries for a single domain load.

3. Greater Visibility with DoH

DNS-over-HTTPS makes resolution behavior more transparent. While legacy resolvers might suppress redundant queries from logs, DoH exposes them more directly. That means you may now see activity that was previously hidden.

4. Consistent Across Providers

This is not unique to DNSFilter. Other DNS filtering providers (e.g., NextDNS, AdGuard) show similar patterns. Some platforms filter or collapse queries in the UI, but the traffic itself is the same.

⚠️ When using DNS PreCheck on networks that also use DNSFilter

When DNS PreCheck is enabled and the device connects to a network that also uses DNSFilter as its DNS resolver (for example, an office Wi-Fi network), both the agent policy and the network policy apply. This can cause unexpected block behavior if the policies differ, and the DNS query log will show each lookup twice—once from the Roaming Client and once from the network resolver. This is expected and reflects two separate filtering events.

What DNSFilter did about it

To account for this evolution in DNS behavior, we increased the threshold of DNS queries that qualify as a "license" in our billing model to 10,000 DNS queries per user per day.

This change ensures that our customers aren’t penalized for the increased query volume that naturally results from modern resolution strategies like DoH, dual-stack (IPv4/IPv6) querying, and browser-level DNS activity.

We made this adjustment proactively—because our goal is to deliver fair, transparent billing that aligns with real-world usage.