What do you think about including https://developers.cloudflare.com/1.1.1.1/dns-over-https/cloudflared-proxy/ or more generally https://dnscrypt.info/ in DietPi? Thank you for considering it.
I want to add such, just hadn’t the time yet to implement. So much other things to do 
. Any help on implementing it is appreciated: https://github.com/MichaIng/DietPi/issues/2409
As well adding it to FeatHub can raise priority 
: https://feathub.com/MichaIng/DietPi
maybe a better option, install unbound, it’s a local DNS Resolver, much faster and secure then something else
https://nlnetlabs.nl/projects/unbound/
tested on DietPi 6.23 / 6.24
I think they have changed cloudflared since II installed it. I have the DoH running on port 5053 on the same machine as PiHole.
PiHole points to this resolver on 5053.
It means I can bypass PiHole by pointing the DNS setting to 5053 on that machine/IP and all requests on port 53 go to PiHole then forwarded by a DoH call.
I can back that. I did it this way and unbound runs like a charm. 
I, however, configured it to use DNS over TLS (DoT). There’s plenty of tutorials in the internet. Important, tho, that you use Buster v10 (i.e. not Stretch v9) as your rasPi OS because it ships with a newer version of unbound that allows you to use DoH and DoT.