Sadly, the trend for browsers to bypass system-level DNS resolution in favor of DNS-over-HTTPS means this kind of filtering is quickly becoming obsolete.
There is a canary domain in Firefox to prevent it from switching to DoH: https://support.mozilla.org/en-US/kb/canary-domain-use-appli...
You could also user a policy.json for Firefox to permanently disable it. I don't see Firefox dropping this option as it is important for enterprise users.