I doubt that just using nextdns could help in that. Couldn't they just hardcode and make requests to, say 8.8.8.8 or an unknown address, to resolve their DNS-over-HTTP domains?
Yes they can. You need to additionally run a firewall on your mobile device (and/or a firewall on your home network) and block all of the common DNS IP. Then only NextDNS or your choice of DNS is available (and encrypted)
Google just wants you to use them for DNS so they can still see where you are going :-)
Google just wants you to use them for DNS so they can still see where you are going :-)