
Comment by heavyset_go

17 hours ago

The Tor daemon exposes DNS resolvers if you enable them in torrc.

You'd of course be trusting Tor nodes for your DNS at that point, as I believe the network pulls records from exit nodes' resolvers, but you sidestep the quandary of deciding who you trust to directly make requests to.

You can also have multiple resolvers in the same daemon that use their own circuits, reducing the chances of receiving forged DNS records from potentially malicious exit nodes.

Similarly, DoH and DoT work over Tor.

You don't have to use it at a system level, just point your DNS clients at the daemon.
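An added example (not part of the comment above, and not Tor project code) of pointing a DNS client at several local Tor DNS listeners and comparing their answers. The `DNSPort` lines and port numbers in the code comment, and every function name, are assumptions made for illustration.

```python
import secrets, socket, struct
# Assumed torrc (ports are arbitrary): DNSPort 127.0.0.1:5353, then the same
# line again for 5354 and 5355, giving three separate listeners.
RESOLVERS = [("127.0.0.1", p) for p in (5353, 5354, 5355)]

def build_query(name, txid):  # recursive A/IN query for `name`
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # 2-byte pointer or 1-byte root label

def parse_a_records(msg, txid):
    """Return the IPv4 addresses in a response; ValueError if it is unusable."""
    try:
        rid, flags, qd, an = struct.unpack(">4H", msg[:8])
        if rid != txid or not flags & 0x8000 or flags & 0x000F:
            raise ValueError("wrong id, not a response, or error rcode")
        off, addrs = 12, set()
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
            if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
                addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
            off += 10 + rdlen
        return addrs
    except (IndexError, struct.error, OSError) as exc:
        raise ValueError("malformed DNS message") from exc

def resolve(name, resolver, timeout=10.0):
    """Send one UDP query to a local DNSPort listener."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), resolver)
        return parse_a_records(s.recvfrom(512)[0], txid)

def cross_check(answers):
    """answers: resolver -> address set. Return (majority addresses, outliers)."""
    sets = list(answers.values())
    agreed = {a for s in sets for a in s if sum(a in t for t in sets) > len(sets) // 2}
    return agreed, sorted(r for r, s in answers.items() if not s & agreed)

if __name__ == "__main__":  # needs Tor running with the listeners above
    print(cross_check({r: resolve("example.com", r) for r in RESOLVERS}))
```

A resolver listed as an outlier is not proof of forgery, since CDNs can return different addresses depending on where the query exits; treat it as a reason to re-query.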