https-dns-proxy and it appears to be working well. However I'm struggling to figure out how the "Force Router DNS" feature works, and enabling and disabling the feature doesn't seem to change my configuration at all (apart from the config options for hdp itself). The guidance at  suggests that a
REJECT would be created, but I don't see them.
The wiki at  indicates that one should follow the DNS Hijacking instructions at
FWIW, I already have my own DNS intercept portforward set up to hijack some Google Home devices (that use a hardcoded DNS server) so this is more of an academic question to see off any unintended consequences as I do not want all devices to have their DNS hijacked, but can't tell what the situation is right now.