> iCloud Private Relay is the only thing that stops Safari using your NextDNS config

Maybe that’s true for the NextDNS configuration—I don’t know, I haven’t tested, so I’ll take your word for it—but not true for DNS settings in general.

> turn that off and you're golden.

Unless you want iCloud Private Relay, in which case you’re not.