Redirects to invalid domains configured in NextDNS no longer return NXDOMAIN

To block the iCloud Private Relay, I configured the following DNS Redirects: 

mask.icloud.com -> icloud-private-relay.invalid

mask-h2.icloud.com -> icloud-private-relay.invalid

When querying the NextDNS servers for mask.icloud.com or mask-h2.icloud.com, I used to see the NXDOMAIN as the response. This would cause the macOS and iOS display a message saying that Private Relay is disabled on this network. This is no longer happening, as now the DNS query for mask.icloud.com or mask-h2.icloud.com returns icloud-private-relay.invalid instead of NXDOMAIN.

What happened there and when did it change?