@xe3 i believe this means that some apps can have their own embedded DNS settings that override system or proxy DNS settings for these apps’ traffic, like maybe some Google apps have 8.8.8.8 hardcoded or whatnot.
@ignoramous btw, i have found a decent workaround for my DNS setup for Rethink instead of that Pi-Hole abomination.
Summary
I’m using NekoBox in proxy (not VPN or TUN) mode, DoH NextDNS as remote DNS, my Wireguard exit point config and a route rule to proxy all apps for good measure.
I then set a DNS proxy in Rethink pointing to NekoBox while continuing to use Wireguard proxy in Rethink and it taking the VPN slot.
The result is that dnsleaktest com extended test shows NextDNS’ servers from my exit point’s location, not from my location.
I also tried to set my Pi-Hole’s virtual LAN IP:53 as remote DNS in NekoBox and it is available from outside of my home network, via mobile data for example, and dnsleaktest shows the same servers as my home PC with Pi-Hole as it’s DNS. Neat!