In case you are unaware, make sure to override DNS on any web browsers or other programs that might be skipping OS configured DNS servers to use hard-coded DNS over HTTPS servers.
If you're running your own DNS resolver you can hint this to some applications in your network via a canary domain
It worked great for me years ago, but all the US-based banks I use have since killed off their OFX Direct Connect programs.