There is now a concerted move on the part of multiple service providers to offer DNS over HTTPS. Browser vendors are doing it to differentiate their services, supposedly addressing privacy issues (i.e. Google LOL), and now there is an offering of vendor-independent DNS over HTTPS from Cloudflare that can be found at https://18.104.22.168/
Since not everyone is running HTTPS inspection on their gateways or proxies, the probability of evasion for categorized traffic is increasing.
Furthermore, presently the DNS group in services is limited to conventional DNS over UDP and DNS over TCP, so even if we are to inspect the HTTPS traffic, there are no guarantees that we can recognize and act on its DNS payload.
I would like to hear your thoughts on this subject as well as on inspection of the proprietary protocols such as QUIC and PSOM.
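
An added example, not part of the original post and not any vendor's code: a sketch of how a gateway that already decrypts HTTPS could recognize DNS over HTTPS by its RFC 8484 markers (the `application/dns-message` media type on POST, the base64url `dns` parameter on GET) and recover the queried name so it can be categorized. The function names and the `doh.example` host are hypothetical, and the requests are constructed samples.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484


def parse_qname(msg: bytes) -> str:
    """Return the first question name from a DNS wire-format message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no DNS header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) or "."
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")  # compression pointers not expected here
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length


def doh_qname(method, url, headers, body=b""):
    """Return the queried name if a decrypted request is DoH, else None."""
    ctype = {k.lower(): v.lower() for k, v in headers.items()}.get("content-type", "")
    dns_param = parse_qs(urlsplit(url).query).get("dns")
    try:
        if method == "POST" and ctype.startswith(DOH_MEDIA_TYPE):
            return parse_qname(body)
        if method == "GET" and dns_param:
            b64 = dns_param[0]  # base64url without padding
            return parse_qname(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    except ValueError:
        pass  # looked like DoH but did not decode as a DNS query
    return None


if __name__ == "__main__":
    # Constructed sample requests, as seen after TLS inspection; hostnames are placeholders.
    query = b"\x00\x00\x01\x00\x00\x01" + b"\x00" * 6 + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    samples = [
        ("GET", "https://doh.example/dns-query?dns=" + base64.urlsafe_b64encode(query).decode().rstrip("="), {}, b""),
        ("POST", "https://doh.example/dns-query", {"Content-Type": DOH_MEDIA_TYPE}, query),
        ("GET", "https://www.example/index.html?q=dns", {}, b""),
    ]
    for method, url, headers, body in samples:
        print(method, url.split("?")[0], "->", doh_qname(method, url, headers, body))
```

This only works on traffic the gateway has already decrypted, and it keys on the media type and parameter rather than the `/dns-query` path, which RFC 8484 does not mandate.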