There's been a lot of discussion around how to block DNS over HTTP. I found that public-dns.info has a very good list which is updated multiple times a day.
A simple Firewall Alias and a Floating rule are very effective if you use AdGuard or Pi-hole DNS.
** Don't forget to port-forward TCP/UDP 53 to the local DNS IP.
See attached Images
Thanks for the tip! Is this port forward rule what you had in mind? My OPNsense IP is 10.13.2.1 and it's forwarding to NextDNS for filtering.