NextDNS blocking doesn't work, NextDNS test is only occasionally positive

Description of the issue:

I configured NextDNS through a macOS profile. Everything except Brave desktop works fine - e.g. Firefox Desktop, Brave Android, cURL, … Fine meaning, what I block on NextDNS is blocked correctly. Only on Brave Desktop, nothing is blocked. I can go to NextDNS logs and see the DNS query as blocked, but it’s resolved anyway on the computer.

I tried with these turned off: Upgrade connections to HTTPS, Always use secure connections, Use secure DNS. Also tried with “Use Secure DNS” turned on, set to “With your current service provider” and also set to “Custom > NextDNS”. All these tries ended up with the same result.

When I go to test.nextdns.io repeatedly, most of the time (80%) I get
"status": "unconfigured"
and only occasionally
"status": "ok", "protocol": "DOH"

Something on Brave that I don’t know seems to be evading the DNS block.

How can this issue be reproduced?

Visit a site that’s supposed to be blocked by NextDNS on Brave Desktop.

Expected result:

% curl reddit.com
curl: (7) Failed to connect to reddit.com port 80 after 8 ms: Connection refused

Brave Version: 1.43.93 Chromium: 105.0.5195.127 (Official Build) (arm64)

When I checked DNS entries:
scutil --dns | grep nameserver | sort -u

I got the IP of my ISP (only). Strange, because NextDNS is definitely working for everything except Brave Desktop. And I also see queried domains from Brave Desktop in the logs. So it’s surprising and I don’t know the explanation.

But then I tried removing the Apple DNS profile provided by NextDNS and used the NextDNS app instead. And now it’s working. I still have the same DNS servers but also 192.0.2.42 before them. Visiting test.nextdns.io returns the correct response every time.