Ubiquiti Dream Machine integration questions

Hi everyone. I’m new to NextDNS. I have things up and running - I installed this on the CLI with the package and I’ve figured out the conditional configs pretty quickly. 

I chose not to enable local caching after a warning about dnsmasq. 
 

logs have started flowing into my dashboard so all good so far but i have some questions:

- I can see that the application detection in the Ubiquiti dashboard is still working even though I’m using DoH. Is this becuase the DoH request is made from the UDM - not the client - so the UDM can still see the request?

- Are there any known issues running the UDM threat categories alongside NextDNS?

- I don’t see a way to bypass a specific subnet from the config. As a workaround I have a lax policy without logging set globally and then apply specific policies to subnets as needed. If I manually set the DNS servers in the DCHP scope i assume the client will then not use the UDM for resolution and therefore bypass it? This is important for some work devices 

Finally if there are any best practices or gotchas that can be shared around NextDNS and the UDM, I’m all ears. 
 

Thanks!