By default Firefox and other browsers that implement DNS over HTTPS check a canary domain and if they can’t reach it they assume they’re in an enterprise and act respectfully and fall back to the suggested DNS server pushed by their gateway. That canary domain is obviously part of all encrypted DNS blocklists. On desktop you can choose to try and override but lists of the common DOH providers are readily available for free. I block them myself on my network because I run my own DNS resolver with ad blocking and don’t want anything bypassing it to phone home its analytics.