It's obviously a bug, but let's not overblow it. It has limited impact and can easily be mitigated by setting a loopback or null DNS server in the "blocking" state.
I also don't trust devices and apps to use my preferred DNS servers. This is why I route all traffic to ports 53 (plain DNS) and 853 (DoT) to my own DNS server. The only thing that escapes the net is DoH, which would require manually blocking a list of common DoH IPs, which I never bothered to do...