I want to make a note that compliance with RFC 7686 is breaking the usage of .onion addresses in transparent Tor proxying for non-Whonix VMs (and maybe for Whonix-Wrokstation in some cases with apps using c-ares) connected to Whonix-Gateway.
RFC 7686 states that:
Applications that do not implement the Tor
protocol SHOULD generate an error upon the use of .onion and
SHOULD NOT perform a DNS lookup.