Yes, the proxy specified for the encrypted DNS protocols (DOH, DOH3, DOQ) must be an IP based proxy. All proxy/VPN providers has an IP addresses and resolvers.
You can obtain the IP addresses of the domain-hostname proxy by initially one-time mapping in [Host]. e.g.
[Host]
*.relays.mullvad.net = server:194.242.2.2 // for mullvad
*.us.socks.nordhold.net = server:103.86.96.100 //for Nordvpn
....e.t.c.
If you test the corresponding domain-based proxy policy in [Proxy], it will be resolved using this local mapping and the IP addresses of this proxy's doman name will be revealed upon resolution of such domain based proxy, then:
For Surge Mac: Open Dashboard, go to the "DNS" for Surgemac or
For SurgeiOS: "Utilities>DNS Results",
copy out the IP addresses of the proxy domain and re-configure the proxy policy using the IP addresses obtained above and use the same credentials (username and password) and it works.
