bind

Firefox DoH and bind

Taken directly from a mailing list: here

it's possible to do this with RPZ in BIND (and possibly others), we will put up a KB article for that, but meanwhile you can try doing following...

add this to named.conf:

response-policy { zone rpz; };
zone rpz {
    type master;
    file "rpz.db";
};

and rpz.db should be something like this:

$TTL 604800
rpz. IN      SOA     localhost. root.localhost. (1 604800 86400 2419200 604800 )
rpz. IN      NS      localhost.
use-application-dns.net.rpz. CNAME .