Also, one extra nice thing about using NextDNS via DoH (as you would with Firefox) is that now everything except the fact you're talking to NextDNS is concealed from eavesdroppers even if you do have custom config.
If you use other methods, NextDNS needs to figure out which custom config is yours, and there's no way to hide that from an eavesdropper (at least not yet). For example with DoT the customisation is hidden as a server name, and travels plaintext in SNI during TLS connection.
But with DoH that indication is in the URL path component, which is just more encrypted data in DoH and so an eavesdropper can no more discover which (if any) customisation you use than they can discover my Hacker News password when I log in here.
If you use other methods, NextDNS needs to figure out which custom config is yours, and there's no way to hide that from an eavesdropper (at least not yet). For example with DoT the customisation is hidden as a server name, and travels plaintext in SNI during TLS connection.
But with DoH that indication is in the URL path component, which is just more encrypted data in DoH and so an eavesdropper can no more discover which (if any) customisation you use than they can discover my Hacker News password when I log in here.