Research DNS strategies
DoH, DoT: research if and how requests over these channels are handled. Blocking or rerouting port 53 traffic is probably not enough. Changing or controlling Apps or other pieces of software is totally out of scope. Chrome for example tries to use DoH if it 'is offered by the ISP.' How to advertise this feature to browsers, the OS or other apps?
“By keeping the user’s chosen provider, we can preserve any extra services offered by the DNS service provider, such as family-safe filtering, and therefore avoid breaking user expectations. Furthermore, if there’s any hiccup with the DNS-over-HTTPS connection, Chrome will fall back to the regular DNS service of the user’s current provider by default, in order to avoid any disruption, while periodically retrying to secure the DNS communication,” Baheux said.
https://datatracker.ietf.org/doc/html/draft-doh-reid-operator is probably useful: DNS over HTTPS (DoH) Considerations for Operator Networks
Label of this issue: research ?