
DNS over HTTPS in Firefox

Posted Jun 4, 2018 16:28 UTC (Mon) by jmanig (guest, #120108)
In reply to: DNS over HTTPS in Firefox by flussence
Parent article: DNS over HTTPS in Firefox

> that's just what the official owner of 1.1.1.1 has set its reverse DNS to.

Actually, 1.1.1.1 seems to be Cloudflare's new DNS over HTTPS server, or at least if the https://1.1.1.1 website is to be believed. I'll admit I just looked quickly and did not dig into whether this is legit or not.



DNS over HTTPS in Firefox

Posted Jun 4, 2018 17:40 UTC (Mon) by tialaramex (subscriber, #21167)

Yes, but the point is that when you use software to examine ARP packets on your local network, that software isn't magically divining the true identity of the sender of those packets. If the packets have IP address 1.1.1.1, the software just does rDNS and says 1dot1dot1dot1.cloudflare-dns.com because that's what the entry for 1.1.1.1 in the reverse DNS says.

Now, is it technically possible that a Cloudflare DNS server is on your LAN? Sure (maybe "your LAN" is in a datacentre or you work for Cloudflare). Is it likely? Nope, lots of idiots hijack 1.1.1.1 because they figure they'll pick a real value later, or they assume it's unused because it wasn't used back when they wrote their software, or just because they're very lazy and unimaginative.

And yes, it's legitimate. The 1.1.1.0/24 network (and several others in that neighbourhood) are so poisoned as to be useless for most purposes because of the hijacking I mentioned. However, this particular address is memorable and thus valuable to Cloudflare. They struck a deal with, IIRC, APNIC (the RIR for the Asia Pacific region), who were unable to issue this address to an LIR because it's poisoned: Cloudflare's DoS-resistant network resources would be used to monitor the subnet for APNIC, and in exchange APNIC would let them advertise anycast routing into this /24 (effectively just for 1.1.1.1 itself) to run DNS services around the world.
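The point made in the comment above, as an added example that is not part of the original thread: a reverse DNS name describes who registered the PTR record for an address, not which device on the LAN sent the ARP packet. The function names, the 192.168.1.0/24 local subnet, the MAC addresses and the offline PTR table are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: (sender IP, sender MAC) pairs as an ARP monitor might log them.
SAMPLE_ARP = [
    ("192.168.1.1", "52:54:00:aa:bb:01"),
    ("192.168.1.10", "52:54:00:aa:bb:02"),
    ("1.1.1.1", "52:54:00:aa:bb:03"),
]

# Constructed stand-in for reverse DNS so the example runs offline.
SAMPLE_PTR = {
    "192.168.1.1": "gateway.lan.example",
    "1.1.1.1": "1dot1dot1dot1.cloudflare-dns.com",
}


def classify_arp_sender(ip, mac, local_net, ptr_lookup):
    """Label one ARP sender without treating its PTR name as an identity."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(local_net)
    if addr in net:
        verdict = "on-link"
    elif addr.is_global:
        # A publicly routable address answering ARP on this segment: some
        # local device has been configured with (or is squatting on) it.
        verdict = "off-subnet-public"
    else:
        verdict = "off-subnet-other"
    return {
        "ip": ip,
        "mac": mac,  # the only thing ARP itself tells you about the sender
        "ptr_name": ptr_lookup(ip),  # what the address's DNS owner published
        "verdict": verdict,
    }


def review_arp_log(records, local_net, ptr_lookup=SAMPLE_PTR.get):
    """Return the senders that need a closer look (anything not on-link)."""
    results = [classify_arp_sender(ip, mac, local_net, ptr_lookup)
               for ip, mac in records]
    return [r for r in results if r["verdict"] != "on-link"]


if __name__ == "__main__":
    for r in review_arp_log(SAMPLE_ARP, "192.168.1.0/24"):
        print(f'{r["ip"]} at {r["mac"]}: {r["verdict"]}; '
              f'PTR "{r["ptr_name"]}" names the address owner, not this device')
```

Tracing the flagged MAC address through the switch's forwarding table is what identifies the local device; the PTR name cannot.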

DNS over HTTPS in Firefox

Posted Jun 4, 2018 19:37 UTC (Mon) by jmanig (guest, #120108)

OK, I understand your comment a little better now. Thank you for the clarification.

