linux – How to use iptables to hijack all DNS queries to dnsmasq?

I have disabled systemd-resolved on Ubuntu and installed dnsmasq and a proxy application.
The proxy application can proxy TCP and UDP DNS queries.
The /etc/resolv.conf file has only one line, nameserver 127.0.0.1,
and the /etc/dnsmasq.conf file contains:

no-resolv
server=1.1.1.1
listen-address=127.0.0.1

When I use dig, tcpdump shows:

IP 127.0.0.1.46877 > 127.0.0.1.53: 42465+ (1au) A? google.com. (50)
IP 10.0.0.11.63534 > 1.1.1.1.53: 57691+ (1au) A? google.com. (50)
IP 1.1.1.1.53 > 10.0.0.11.63534: 57691 2/0/1 A 172.217.163.238
IP 127.0.0.1.53 > 127.0.0.1.46877: 42465 2/0/1 A 172.217.163.238

I want to use iptables to hijack all DNS queries to dnsmasq, so I tried:

iptables -t nat -A OUTPUT -o ens3 -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination  127.0.0.1:53
iptables -t nat -A OUTPUT -o ens3 -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination  127.0.0.1:53

There’s an edge case: if the proxy sends DNS queries to 1.1.1.1, they won’t go through dnsmasq.
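
One way to close that edge case, as an added example that is not part of the original question: exempt dnsmasq's own sockets by uid (the iptables owner match) instead of exempting the destination 1.1.1.1, so any other local process that queries 1.1.1.1 is still sent to dnsmasq. It assumes dnsmasq runs as the user dnsmasq and listens on 127.0.0.1:53; the function names and the DNS_USER/DNS_LOCAL variables are hypothetical.

```shell
#!/bin/sh
# Added example: build nat/OUTPUT rules that force local DNS through dnsmasq.
# Assumptions (not from the original post): dnsmasq runs as user "dnsmasq"
# and creates its upstream sockets after dropping privileges to that user.

DNS_USER="${DNS_USER:-dnsmasq}"          # assumed service account
DNS_LOCAL="${DNS_LOCAL:-127.0.0.1:53}"   # dnsmasq listen address from the post

# Print the rules, one per line, in the order they must be appended.
dns_redirect_rules() {
    for proto in udp tcp; do
        # 1. dnsmasq's own upstream queries (to 1.1.1.1 or any other
        #    server= entry) leave the host untouched.
        printf 'iptables -t nat -A OUTPUT -p %s --dport 53 -m owner --uid-owner %s -j RETURN\n' \
            "$proto" "$DNS_USER"
        # 2. Queries already addressed to loopback need no rewrite.
        printf 'iptables -t nat -A OUTPUT -p %s --dport 53 -d 127.0.0.0/8 -j RETURN\n' \
            "$proto"
        # 3. Every other port-53 packet, whatever its destination or
        #    outgoing interface, is rewritten to the local dnsmasq.
        printf 'iptables -t nat -A OUTPUT -p %s --dport 53 -j DNAT --to-destination %s\n' \
            "$proto" "$DNS_LOCAL"
    done
}

# Apply the rules; needs root. Stops at the first rule that fails.
apply_dns_redirect() {
    dns_redirect_rules | sh -e
}

case "${1:-}" in
    print) dns_redirect_rules ;;
    apply) apply_dns_redirect ;;
esac
```

Run it with `print` to review the rules and with `apply` as root to install them. If the proxy itself relays dnsmasq's queries upstream on port 53 under its own uid, it needs its own exemption, otherwise the redirect loops back into dnsmasq.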