Is DNS-over-HTTPS or -TLS possible with system configuration settings when a NEFilterDataProvider is running/activated?

Is it possible to configure DNS-over-HTTPS or -TLS at the system level when a NEFilterDataProvider is activated? If it is, how is it supposed to be done?

On macOS NEDNSSettings and a NEFilterDataProvider are exclusive (r. 64940244). So that means an existing NEFilterDataProvider will always take precedence over the DNS Settings on macOS.

Thanks.

Does this mean that, in such a case, the only solutions to get DNS-over-HTTPS/-TLS are to either use your own DNS client code in your application (what Google Chrome does for instance) or to configure a DNS proxy solution (e.g. https://blog.smittytone.net/2022/05/07/how-to-do-dns-over-https-on-macos)?

If I understand you correctly, yes, you'll have to either implement your own DoH or DoT provider with NEDNSSettings or your will need to implement your own DNS Proxy Provider.

Actually, it was more a question regarding which options are available to an end-user to get DNS-over-HTTPS or TLS when a Network Extension (with a Data Filter Provider) is running on macOS.