Some browsers, apps, or devices might let you disable DoS/DoT or might let you configure it to use your own DNS server, but none of them have to let you and even when they give you that option they can still do whatever want (https://discourse.pi-hole.net/t/chromium-bypasses-pi-hole-by...)
https://ericlathrop.com/2021/03/dns-over-tls-lets-google-ser...
It isn't just people using DNS filtering for ads that have this problem. Network admins at companies face the same problem (see for example https://cleanbrowsing.org/help/docs/block-dns-filtering-evas...)
Some browsers, apps, or devices might let you disable DoS/DoT or might let you configure it to use your own DNS server, but none of them have to let you and even when they give you that option they can still do whatever want (https://discourse.pi-hole.net/t/chromium-bypasses-pi-hole-by...)
Obviously any application or device using a hardcoded IP address will bypass DNS entirely so DNS filtering isn't going to work. See https://old.reddit.com/r/pihole/comments/djacup/im_starting_...
Just because it doesn’t work all the time doesn’t mean it never does. Defense in depth.
One aspect is to use trustworthy software, not written by an advertising company.
https://9to5mac.com/2022/08/18/ios-vpn-apps/
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php