How to use multiple HTTPS DNS Proxy instances?

Hey guys,

a few months ago I've set up a HTTPS DNS Proxy Quad 9 instance for all my home network devices.

I would like to introduce an additional instance with CleanBrowsing and force it exclusively for a few devices (MAC addresses?) that my child uses.
Can you guys recommend a simple and working approach?

I've been messing with multiple dnsmasq instances and PBR already but couldn't get it to work.
When adding an additional HTTPS DNS Proxy instance I've noticed, new forwards are simply added to default dnsmasq instance, so I've moved them over to an additional instance, listening to a different port.
In DHCP reservations I've also noticed that I can set a specific dnsmasq instance which host is bound to.
Sounded like the solution I need, but I don't understand how this works exactly. At least I couldn't get it to work.
Do I need virtual interfaces, an additional subnet? I'd like to avoid this if possible and my AP doesn't support additional SSIDs.

Any advice appreciated.

I suggest a simpler solution, I did already myself: Use second SSID, network, and dnsmasq for the kiddies. And second https-dns-proxy, may be, in case you want to use another upstream DNS, too.

Another approach would be to meddle around with firewall, and do dns-hijacking based on MAC adrs, but that looked more complicated to me.

Thanks for your reply, but my AP doesn't allow multiple SSIDs, as mentioned and also one device is attached via ethernet.

Sorry, did not read everything. Then to use firewall rules to divert dns requests from certain MACs to second dnsmasq+https-dns-proxy. You are aware of the fact, that Chrome browser uses DoH by default, i.e. to goggle. Which means, you would either need to modify Chromes settings, OR, even better, block the "well-known-Doh-servers" in the router, to force fall-back to simple DNS.