https://www.draytek.com/support/knowledge-base/10623
This is the reason DrayTek gives for blocking DoT and DoH:
The water that bears the boat is the same that swallows it up.
Encrypting DNS (DoH and DoT) makes it more difficult for network snoops to view your DNS information, or corrupt it in transit. It enables private and secure communications and will further enhance user privacy.
However, when we talk about corporate intranets, encrypted DNS can make it impossible for many security tools to see if the traffic is threatening.
In addition, many DNS resolution servers that support DoH and DoT today are hosted by third-party companies and are not under your own control. They cannot be audited. This is a hidden concern for information security.
DrayTek Router can help you avoid using inappropriate encrypted DNS technology on the company's internal network. All uncontrolled DNS resolution services can be blocked or turned off.