DoT (RFC 7858) was the first widely deployed encrypted-DNS standard. It runs on TCP 853, a port dedicated to it, which makes it straightforward for network operators to allow or block.
DoH is now more common in browsers because port-443 traffic is harder to censor. DoT is still common on Android (which uses it under "Private DNS").
See also
- DNS: The distributed directory that maps human-readable names like example.com to IP addresses (and other records).
- DoH: DNS queries encrypted inside HTTPS so neither your ISP nor the local network can read or modify them.
- DNSSEC: Cryptographic signatures on DNS records so resolvers can verify the answer wasn't forged or tampered with.
