Prevent using other DNS from Android emulator

I'm on a 2021 MacBook Pro with Sequoia 15.3.2 and some of my settings (DNS, Firewall) are set with a profile by the company I work for. Sometimes I share this MacBook to a user for which I've created a standard (non-admin) account and has Android Studio with Android emulator. I noticed that it is possible to start android emulator from the command line and set another DNS by adding -dns-server parameter. I would like to prevent the use of another DNS in Android emulator and possibly in other apps. I can't uninstall Android Studio as it is needed. How could I do that, independently of the network the user is connected to (I can force something on Wifi network but not with 4G/5G hotpoint) ? I first thought of hosts file, but I think it only allows to block by host name and not by IP. I don't have access to Firewall and DNS settings as it is handled by the company. Then I thought of pfctl but I don't know exactly how to configure it, I made a quick try but didn't succeed I added those lines in pfctl conf and restarted it :

block drop proto tcp from any to 8.8.8.8 port 53
block drop proto udp from any to 8.8.8.8 port 53

Then I launched Android emulator with -dns-server 8.8.8.8 option, but this DNS server was still accessible. Maybe I should add port 853 in my conf too ? Can you please advise me on how I could do that ?