I'm looking for a solution to block all unwanted dns servers except the one in AdGuard Home for my guest wlan. At the moment AdGuard is handling all the dns requests as long as no one input manually a dns server. So it's easy to go around all the restrictions.
I see that the firewall is forwarding port 53 to port 3053 (Adguard Home) so I'm not sure if I need to block some traffic with the Firewall or in AdGuard Home.
If the user on your guest network sets up DoH on their systems or on their Browser, which is trivial to do, you won't be able to block them unless you block the specified DNS provider they are using. DoH hides and encrypts DNS.
yes that's clear to me and that's why I'm looking for how to block (better rewrite if possible) all dns servers except for the one in AdGuard Home servers defined.