I recently began looking into encrypting DNS traffic for general security reasons. Thankfully I wasn't the first person to look into this, and there is a very robust ecosystem already in place.

https://github.com/paulmillr/encrypted-dns

I chose to use the Cloudflare resolvers, but Paul has put together a great list of other providers, covering both general resolvers and resolvers that provide DNS filtering to protect against known malicious sites.

Cloudflare talks about the different methodologies in detail, but they fall into 3 categories:

DNS over TLS (DoT): https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls

DNS over HTTPS (DoH): https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/

Oblivious DNS over HTTPS: https://developers.cloudflare.com/1.1.1.1/encryption/oblivious-dns-over-https/

I personally would recommend DoH, as it provides both security and slightly obscured network traffic while not requiring additional third-party services.
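
To show what a DoH lookup actually carries, here is an added example (not part of the original post) that builds the RFC 8484 GET and POST forms of a query without sending anything. The function names are hypothetical, and the endpoint `https://cloudflare-dns.com/dns-query` is Cloudflare's public DoH URL, which the post itself does not state.

```python
import base64
import struct
import urllib.request

# Cloudflare's public DoH endpoint (assumption: not stated in the post itself).
RESOLVER = "https://cloudflare-dns.com/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Return a DNS wire-format query (RFC 1035) for `name`; qtype 1 = A."""
    # Header: ID=0 (RFC 8484 suggests 0 so HTTP caches can share answers),
    # flags=0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("idna")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    if len(qname) > 255:
        raise ValueError("name too long")
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(name: str, resolver: str = RESOLVER) -> str:
    """RFC 8484 GET form: base64url of the query, padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return f"{resolver}?dns={b64}"


def doh_post_request(name: str, resolver: str = RESOLVER) -> urllib.request.Request:
    """RFC 8484 POST form: raw query bytes as the HTTPS request body."""
    return urllib.request.Request(
        resolver,
        data=build_query(name),
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"},
        method="POST",
    )


if __name__ == "__main__":
    # Nothing is sent here; pass the Request to urllib.request.urlopen() to query.
    print(doh_get_url("www.example.com"))
    req = doh_post_request("www.example.com")
    print(req.get_method(), req.full_url, len(req.data), "byte body")
```

Because the queried name travels inside the HTTPS request (URL parameter or body), an on-path observer sees only a TLS connection to the resolver on port 443, while the resolver itself still sees every name you look up.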