Does Apple hide logs?

TLDR; Can an Apple service bypass the nextdns decoder, if so how can it be disabled?

I look at the logs from time to time to understand that everything is fine with my children and where they surf to keep them safe online without invading their private lives too much.

I wanted to understand something about Apple, my son has an Apple device and I see queries of:

proxy.safebrowsing.apple
xp.apple.com
stats.gc.fe.apple-dns.net
friend.gc-apple.com.akadns.net

and more like these

I'm having a hard time understanding do these domains block the possibility of seeing something happening? It looks like friend.gc-apple.com.akadns.net uses the akadns service to get the requested destination which causes nextdns to not decode the address
Do I understand that right?

That is, if my son logs into Google Chrome and his name goes to discord or something similar and I set in the deny list that he will not be able to reach his name, will this option prevent the filter from running?