On the assumption that anything the Brave browser blocks would be one less query counted towards that limit, using NextDNS’ free version could be quite good… I wonder if it will be possible to keep the device protection and keep Quad9.
Quad9’s servers, on the server side, only have malicious link blocking and not ad blocking, as opposed to AdGuard’s DNS server.
The AdGuard app’s default mode, where it used that local VPN that loops back into the device, I assume it let AdGuard process the requests locally, because even when I have the DNS server setting in the app set to Quad9, it still blocks the ads. Given that, my previous iOS networking setup was that the traffic would first loop through AdGuard’s local VPN tunnel back into the iPad to be filtered by the app, and then sent off through ProtonVPN’s IKEv2 tunnel via split-tunneling support, while using Quad9 for DNS queries.
Switching the AdGuard app to Native mode fully overrides the device’s DNS setting by adding a managed DNS configuration (inside the “VPN, DNS, and Device Management” settings menu, not in a given Wi-Fi connection’s DNS configurations), and so I can only either use Quad9 and only have malicious link blocking, or use AdGuard DNS and get full adblocking.
I wish Apple allowed for more freedom and didn’t restrict split-tunneling so much. 