macOS Profile Security Concern
Hello, I've been using NextDNS for a while and had a question in regards to how the configuration profiles are set up. I've noticed there are 'additions' in the profiles that are allowing certain URLs to be bypassed:
com.apple.dnsSettings.managed:
_manualProfile:
Value: 1
State: always
Source: com.apple.dnsSettings.managed (User)
DNSSettings:
Value: { DNSProtocol = HTTPS; ServerURL = "https://apple.dns.nextdns.io/1234/XXXXXX"; }
State: always
Source: com.apple.dnsSettings.managed (User)
OnDemandRules:
Value: ( { Action = EvaluateConnection; ActionParameters = ( { DomainAction = NeverConnect; Domains = ( "dav.orange.fr", "vvm.mobistar.be", "msg.t-mobile.com", "tma.vvm.mone.pan-net.eu", "vvm.ee.co.uk" ); } ); }, { Action = Connect; } )
State: always
Source: com.apple.dnsSettings.managed (User)
PayloadUUID:
Value: XXX-XXXX-XXX-XXXXXX-XXX.XXXXXX.dnsSettings.managed
State: always
Source: com.apple.dnsSettings.managed (User)
Specifically I'm referring to this bypass:
( "dav.orange.fr", "vvm.mobistar.be", "msg.t-mobile.com", "tma.vvm.mone.pan-net.eu", "vvm.ee.co.uk" ); } ); }, { Action = Connect; } )
State: always
Is this normal? Because while it is broad and covers a few carriers, this doesn't seem normal for a macOS configuration profile when the user is expecting something like a DNS profile to send everything through their preferred DNS resolver. I also don't recall these exceptions being in there before. Couldn't this be exploited?
1 reply
-
Those domains were to allow Visual Voicemail on iPhones. Not really much point in them for an Apple Computer though.
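An added example, not code from the thread or from NextDNS: one way to audit a profile for the kind of exception discussed above, by listing every `OnDemandRules` entry in a `com.apple.dnsSettings.managed` payload that keeps lookups off the configured resolver. The function names are hypothetical, the sample profile is constructed from the values shown in the post, and the input is assumed to be an unsigned `.mobileconfig` plist.

```python
import plistlib

DNS_PAYLOAD = "com.apple.dnsSettings.managed"

def dns_exceptions(profile_bytes):
    """List every OnDemandRules entry that keeps lookups off the profile's resolver.

    Returns (resolver, rule_index, action, domain) tuples; domain is "*" for a
    Disconnect rule, which turns the DNS settings off whenever the rule matches.
    """
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != DNS_PAYLOAD:
            continue
        settings = payload.get("DNSSettings", {})
        resolver = settings.get("ServerURL") or settings.get("ServerName", "?")
        for idx, rule in enumerate(payload.get("OnDemandRules", [])):
            action = rule.get("Action")
            if action == "Disconnect":
                findings.append((resolver, idx, action, "*"))
            elif action == "EvaluateConnection":
                for params in rule.get("ActionParameters", []):
                    # NeverConnect: the DNS settings are not used for these domains.
                    if params.get("DomainAction") == "NeverConnect":
                        for domain in params.get("Domains", []):
                            findings.append((resolver, idx, "NeverConnect", domain))
    return findings

def sample_profile():
    """Constructed sample mirroring the values shown in the post."""
    carrier_domains = ["dav.orange.fr", "vvm.mobistar.be", "msg.t-mobile.com",
                       "tma.vvm.mone.pan-net.eu", "vvm.ee.co.uk"]
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": DNS_PAYLOAD,
            "DNSSettings": {"DNSProtocol": "HTTPS",
                            "ServerURL": "https://apple.dns.nextdns.io/1234/XXXXXX"},
            "OnDemandRules": [
                {"Action": "EvaluateConnection",
                 "ActionParameters": [{"DomainAction": "NeverConnect",
                                       "Domains": carrier_domains}]},
                {"Action": "Connect"},
            ],
        }],
    })

if __name__ == "__main__":
    for resolver, idx, action, domain in dns_exceptions(sample_profile()):
        print(f"rule {idx}: {action} {domain} (not sent to {resolver})")
```

An empty result means the profile has no rule that excludes a domain or disables the resolver; any finding is a name whose lookups go to the system's default DNS instead.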