Changing DNS multiple times in the application while connected, such as enabling the first 3 DNS filters, will cause the systemd service to crash and not change the value pulled from /etc/resolv.conf.
Even if it did work properly, it’s not reliable on Fedora. Running the qubes-setup-dnat-to-ns script manually will not even update the dnat-dns chain with the correct DNS IP after a few uses.
To fix this, you need to restart systemd-resolved first and then run qubes-setup-dnat-to-ns. This needs to be done every time the value changes.
Also, rc.local is not considered legacy on Qubes. It’s used by qubes (qubes-misc-post.service) to run things early in the boot process. It can also be done with systemd, but it’s more work than throwing a few command lines in that file.