Unbound which does name resolution on its own. Problem with DNS over TLS,DNS over HTTPS or DNSCrypt is ... Your DNS Traffic is then encrypted but you still have to use some third party DNS server. Are they trustworthy? Who knows.... If you are paranoid you could host your own DNS server that's supports encryption and is hosted somewhere in some foreign country.