Random, but for HomeKit users, I really like a few recent Belkin products: specifically the most recent models of smart plug and smart light switch with Thread radios. Not only do they not require an account, but they don't even have an app. (And can't be used with the existing Belkin Wemo app.) They get firmware updates directly through the Apple Home app.
Install a configuration profile that configures DNS. This a better way to configure DNS on Apple platforms because it's device-wide, not per-network. These are generally distributed as files named something.mobileconfig. I use one distributed by AdGuard for their public DNS. Just open on an Apple platform and it will offer to install. It's signed, so the OS knows it's from who it says it's from. I have this profile installed on my iPhone, Mac and Apple TV.
I don't think there's any automatic fallback, but I'm not sure.
It is possible to quickly toggle on-and-off what the configuration profile sets in Settings. I've occasionally had trouble on captive wi-fi portals, like on planes, but I generally remember it's probably the DoH, so I go toggle it off, get connected, and toggle it back on.
reply