@tomxcd@fedi.nullob.si I've set up a https-dns-proxy on my router that forwards the requests to Hurricane Electric and OpenDNS and forgot about CloudFlare DNS, Google DNS, my ISP's DNS — all of them.
I think you can also set something like this up on Android phone, it uses some other protocol (DNS over TLS?), but it's possible to use something more trustworthy like Mullvad this way.
I think it's the most sane thing to do. Having resolver requests unencrypted in the age of surveillance is wrong.