DNS is currently unsecured, and the IETF have only just started attempting to solve this problem, [Signaling That an Authoritative DNS server offers DoT](https://datatracker.ietf.org/doc/draft-levine-dprive-signal/). DoH doesn't actually solve the problem, it just moves it around.
Even when Authoratative DoT is a thing, there will be plenty of domains that will take years, if not decades before it'll be rolled out.
One solution is to use tor to anonymize the DNS queries. This will only work w/ DNSSEC domains, though there is the option that a voting system could be used, say make 5 queries through different exit nodes, and if any of them disagree, do additional queries to validate the solution.