I use the 1.1.1.1 client on Android phones with Zero Trust to use Warp and DNS protected by Cloudflare. I also have local DNS servers in some locations for additional filtering I can’t achieve through Cloudflare. However if the clients are using Zero Trust then they bypass the local DNS.
I notice that if using the 1.1.1.1 app without using Zero Trust there is an additional setting under Advanced > Connection Options > Trusted Networks where I can specify SSIDs where 1.1.1.1 DNS will not be used.
Is there a similar setting buried somewhere for Zero Trust?