I don't know, I'd say that's precisely the reason DoH isn't so great - because it bypasses proxies, NATs, firewalls.
If you're the admin that needs to configure DNS a certain way for any reason (corporate policies, parental controls, intranet configurations, malware protection) then having the user be able to work around by default is a massive pain.
DoH seems like a great idea at first, until you're in a situation when it's not, and then it gets messy, because it's a moving target and everything has different workarounds.
If you’re the admin that needs to configure DNS a certain way, you need to do it by controlling and modifying endpoints. Otherwise, even if you implement network-level DoT, a user can defeat your controls by running DoH on their own, or by just adding an /etc/hosts file.
If you're the admin that needs to configure DNS a certain way for any reason (corporate policies, parental controls, intranet configurations, malware protection) then having the user be able to work around by default is a massive pain.
DoH seems like a great idea at first, until you're in a situation when it's not, and then it gets messy, because it's a moving target and everything has different workarounds.