A cartoon intro to DNS over HTTPS
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ (2018/05/31)
Even though all pages you browse are HTTPS, there are still some threats. A DNS query envelope the User Agent sends includes most of your IP address and which domain name you are looking for. Since these DNS requests are not encrypted, the resolver your computer uses and routers on a path to a DNS server can read and abuse them. They can track your browsing information and spoof the DNS responses. Trusted Recursive Resolver (TRR) and DNS over HTTPS (DoH) fixes some of these vulnerabilities.
DNS Queries over HTTPS: RFC8484