DNS over HTTPS (DOH) is an implementation of DNS on an application level that bypasses the standard, distributed name resolution. While this has advantages, the disadvantages can outweigh them in many cases.
DOH breaks many things which are commonly used today to protect home and business networks.
Mozilla Firefox, as of the 25 Feb 2020 release, implements DOH by default, forcing non-technical users to use Cloudflare for their DNS resolution. While it is fairly simple for technologically adept users to turn this off, most users will begin using it with little notification and may see some of the issues above.
Many routers/firewalls have the ability to create DNS overrides. Mozilla has taken advantage of this by allowing a systems administrator to create one record in the firewall/DNS server that will tell Firefox not to use DOH. For opnSense, the instructions are as follows:
When you open a new session of Firefox, assuming your OPNSense router's Unbound service is your DNS, Firefox will request the IP of use-application-dns.net from your configured DNS server. Your firewall/Router will return a null value, which tells Firefox to not use DOH in the future.
Firefox will perform this check every time it is started.