How to disable DoH and DoT network-wide for Apple iOS and macOS

I am running an the Open Source OpenWrt router firmware and wish to disable DoH and DoT for the whole network. In my network lots of latest iOS and macOS devices.

To disable DoH for Firefox is used this guide Canary domain – use-application-dns.net. I search for a similar solution for Apple based devices.

Operating systems Apple

Apple’s iOS 14 and macOS 11 will support both DNS over HTTPS and DNS
over TLS (DoT) when they are released in the fall of 2020.

Exclude domain from DNS-over-HTTPS (DoH) in Edge or Chrome

I run a local BIND DNS server for my own development work. I like the idea of DoH in my browsers, but it is interfering with my use of BIND – instead of getting pages from my local development server, I get domain squatting pages.

Firefox has a mechanism for excluding specific domains from being queried over DoH which I think would solve this problem and allow my local BIND server to do its job, but I can’t find a similar option in (the Chromium-based) Edge or in Chrome. Does anybody know of a way to set exclusions in these?

Filtering – Can I intercept DNS over HTTPS (DoH) or TLS (DoT) on my home network?

I am currently redirecting all local network DNS traffic to my pi-hole installation, as some devices may use hard-coded DNS servers or may use them in the future to bypass filtering.

As DNS-over-HTTPS and DNS-over-TLS are used more and more, I want to know if it is possible to intercept this type of traffic to redirect it to my pi-hole installation for filtering purposes.

If this is not possible (as expected), I wonder if it is possible to at least separate the connections so that the devices receive errors and hopefully use the (local) DNS server announced by DHCP.