Response Policy Zone for (Firefox DoH)

I read in the news that Firefox will switch to DNS over HTTPS (DoH) soon.

We want to resolve some names differently in our LAN than in public and also want to keep control over DNS, and therefore want to disable this behaviour.

The simplest way to do so seems to be to create a Response Policy Zone (RPZ) for Mozilla’s canary domain.

How exactly should this be done in Univention?