Smartphone OS manufactures like Apple and Google do not allow strong secure features to black domain or IP addresses. There are attempts at cheep hacks to use VN or accessibility work a rounds but they can be overwritten by the OS and they prevent use a firewall and VPN at the same time.
I have used encrypted DNS profiles on iOS to block them at the resolver level. However, the correct thing to do is to disable the feature in a configuration profile. You can also block them on macOS using Little Snitch or similar.
No, you sometimes can't use two apps on iOS that attempt to configure DNS and a "VPN" for local filtering purposes at the same time (the latter is often a glorified hosts list).
You absolutely can use encrypted DNS and/or a VPN (or Private Relay). None of these have bearing on using an application firewall or pf on macOS.
