When you manually set Private DNS on the phone, DNS lookup no longer go through the router. For example, if you set your Private DNS to dns.google, then DNS lookup goes over an encrypted TLS connection to dns.google, bypassing the DNS filter on the router. So it is good that traffic is blocked when Private DNS is used.

However, please note that blocking is effective only when “Block proxy, VPN, TOR” is checked on the profile.