DNS leak when using any DoH provider other than Cloudflare #70

@metametapod

Not sure if this is the right place to report, might be a Firefox bug.

Running latest Firefox 130.0b9, Container proxy 0.1.22, Firefox Multi-Account Containers 8.1.3. Using Mullvad SOCKS5 proxy recommended settings documented here:

https://mullvad.net/en/help/socks5-proxy

  • Protocol: SOCKS5
  • Server: 10.64.0.1
  • Port: 1080
  • Do not proxy local addresses checked.
  • Proxy DNS requests checked.
  • network.proxy.socks_remote_dns set to true.
  • uBlock Origin disabled for testing, but currently needs Uncloak canonical names disabled to avoid DNS leak even when using Cloudflare.

Split tunneling enabled via:

mullvad split-tunnel app add /Applications/Firefox\ Developer\ Edition.app/Contents/MacOS/firefox

Above config set for default container. To reproduce:

  1. Under about:preferences#privacy > Enable DNS over HTTPS, set to Max Protection and choose Cloudflare (Default). Then check for leaks at https://mullvad.net/en/check. This should pass.
  2. Change provider to NextDNS and run the leak test again. This will fail.
  3. Try a custom provider, for example Quad9 https://dns.quad9.net/dns-query. This should fail as well. Setting to Increased Protection has the same effect.

Setting DoH to off avoids the issue but results in using the VPN DNS server for containers not on the VPN, which is less than ideal (slow and some sites block it).
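
An added example, not part of the original report or of the Container proxy project: a Python check that reads the text of a Firefox profile's `prefs.js` and summarises the DoH and proxy-DNS prefs named in the steps above, so the state of a profile can be recorded next to each leak-test result. The sample prefs text is constructed, the function names are hypothetical, and treating an empty `network.trr.uri` as the Cloudflare default is an assumption taken from the "Cloudflare (Default)" label in the report. It covers only profile-wide prefs, not per-container proxy settings held by the extension.

```python
import re
from urllib.parse import urlsplit
# Matches prefs.js lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\s*\);\s*$')
# Firefox network.trr.mode values and their labels in about:preferences#privacy
TRR_MODES = {0: "Default Protection", 2: "Increased Protection",
             3: "Max Protection", 5: "Off"}

def parse_prefs(text):
    """Parse user_pref() lines into a dict of bool, int or str values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw.lstrip("-").isdigit():
            prefs[name] = int(raw)
        else:
            prefs[name] = raw
    return prefs

def dns_summary(prefs):
    """Summarise the DoH and proxy-DNS prefs named in the report."""
    mode = prefs.get("network.trr.mode", 0)
    host = urlsplit(prefs.get("network.trr.uri", "")).hostname or ""
    # Assumption: an empty URI means the built-in default provider (Cloudflare).
    cloudflare = host in ("", "cloudflare-dns.com") or host.endswith(".cloudflare-dns.com")
    return {
        "doh_mode": TRR_MODES.get(mode, f"unknown ({mode})"),
        "doh_host": host or "(default provider)",
        # None means the pref is absent from prefs.js and the Firefox default applies.
        "socks_remote_dns": prefs.get("network.proxy.socks_remote_dns"),
        # Increased/Max with a non-Cloudflare resolver: the failing case in the report.
        "matches_reported_case": mode in (2, 3) and not cloudflare,
    }

# Constructed sample: step 3 of the report (Max Protection, Quad9).
SAMPLE = '''user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
'''

if __name__ == "__main__":
    print(dns_summary(parse_prefs(SAMPLE)))
```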
