Device Isolation whitelist exceptions
I'm using IoT Network for various devices: Rain Machine, Ring, Fridge, Alexa/Google devices, etc.
Due to the BE800 not supporting DNS over HTTPS, I'm having to run Pi-hole and Cloudflared dockers on my two Unraid servers to provide DNS to my network (using a Control D resolver):
DNS-Over-HTTPS proxies (DNS lookups via Control D)
192.168.50.2 = cloudflared docker on Unraid Box 1
192.168.50.4 = cloudflared docker on Unraid Box 2
DNS Servers
192.168.50.3 = pi-hole docker on Unraid Box 1
192.168.50.5 = pi-hole docker on Unraid Box 2
DHCP Server
192.168.50.3 = pi-hole docker on Unraid Box 1
(providing 192.168.50.6 - .254; on my BE800 I have DHCP disabled)
The issue is, if I turn on Device Isolation and I select my IoT devices, they can no longer communicate with my local DHCP or DNS servers.
If I use the BE800 as the DHCP server, then the IoT devices get an address but they still cannot hit my local DNS servers.
If a feature could be added to the BE800 which allows exceptions to be made to Device Isolation, that'd be great. Essentially, if I could put in IP addresses which should be whitelisted and accessible to all devices part of Device Isolation, then my DHCP and DNS servers would work.
i.e., allow me to whitelist 192.168.50.3 and 192.168.50.5.
Then, my Ring devices and fridge, etc., could be put into Device Isolation and they would be able to communicate with each other still, but also have access to my two whitelisted IPs.
Alternatively, I would be able to get rid of my pi-hole and cloudflared dockers entirely if DNS over HTTPS was a feature in the BE800 interface. Unfortunately I can only enter IP addresses, and DoT/DoH are not supported. It's a catch-22. Using IP DNS and BE800 DHCP, Device Isolation works fine -- but I don't want to use IP DNS. So at this point, I'm forced to choose between enabling Device Isolation, or using DoH - and for now, I'm having to leave Device Isolation off.
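A small policy model of the whitelist exception requested above, as an added example that is not part of the original post or of the BE800 firmware. It uses the Pi-hole and DHCP addresses from the post; the isolated device addresses and the comparison between a whole-IP whitelist and one scoped to the DNS/DHCP ports are assumptions added here.

```python
"""Model of 'Device Isolation with whitelist exceptions' (added example).

Two forms of the exception are compared: whole-IP (every port on .3/.5
reachable from isolated devices) and port-scoped (only DNS and DHCP).
Addresses .3 and .5 come from the post; everything else is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


# Devices placed in Device Isolation (constructed addresses, e.g. a Ring
# camera and the fridge; the post says they may keep talking to each other).
ISOLATED = {"192.168.50.20", "192.168.50.21"}

# Port-scoped exceptions: Pi-hole DNS on .3 and .5, DHCP on .3. The
# cloudflared proxies on .2/.4 are only contacted by Pi-hole, so isolated
# devices need no exception for them.
SCOPED_ALLOW = {
    ("192.168.50.3", "udp", 53), ("192.168.50.3", "tcp", 53),
    ("192.168.50.5", "udp", 53), ("192.168.50.5", "tcp", 53),
    ("192.168.50.3", "udp", 67),
}
# The coarser form the post asks for: the whole host on every port.
WHOLE_IP_ALLOW = {"192.168.50.3", "192.168.50.5"}


def allowed(flow: Flow, scoped: bool = True) -> bool:
    """Return True if the flow passes the isolation policy."""
    if flow.src not in ISOLATED:
        return True          # isolation only constrains the isolated group
    if flow.dst in ISOLATED:
        return True          # isolated devices may still reach each other
    if flow.dst == "255.255.255.255" and flow.proto == "udp" and flow.dport == 67:
        return True          # DHCP DISCOVER is broadcast before any lease exists
    if scoped:
        return (flow.dst, flow.proto, flow.dport) in SCOPED_ALLOW
    return flow.dst in WHOLE_IP_ALLOW


def over_exposure(flows):
    """Flows the whole-IP whitelist permits but the port-scoped one does not."""
    return [f for f in flows if allowed(f, scoped=False) and not allowed(f)]
```

Scoping the exception to ports 53 and 67 keeps every other service on the Unraid docker addresses out of reach of the isolated devices while DNS and DHCP keep working.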