@rasputinthegreatest: not trying to be hard on you, but do want to encourage you to think through carefully what you wish to do in terms of cybersecurity 😀.
On the topic of DoT, I ask "why" because what is your actual goal with DoT? Is it to hide your DNS query from someone like your ISP? That is usually everyone's first answer when asked that question. But are you effectively hiding anything when you consider it this way --
Your LAN client performs a DNS lookup for (let's be naughty here 😳) say pornhub.com. DoT will let you hide that DNS query from your ISP.
But what is the next thing that happens? Your LAN client receives a reply via DoT that says "you can find pornhub.com at this IP address, x.x.x.x".
What is the next thing your client does? Yep, it connects to that IP address. So, all your ISP has to do is log the IP addresses you connect to and they know where you are going via a simple reverse DNS query or matching the IP with ASN lists.
The only time the above scenario would not be true is if you routed all traffic through a VPN. And in that case, why not just leave DNS unencrypted and use your VPN provider's DNS? Many of them attempt to force that on you anyway. That VPN provider is for sure going to know exactly what IP address you visited as well. You are just trusting them to keep that confidential. Some may, but many won't when push comes to shove and they receive a request from law enforcement "they can't turn down".
Many IDS/IPS users fail to think through fully the impact of all the encryption on the Internet today. Hardly anything is cleartext anymore. DoT, DoH, HTTPS, SSH, SMTPS, POP3S, IMAPS, QUIC, etc., all totally hide the packet payload behind encryption. An IDS/IPS sees nothing but undecipherable random data bits in those protocols unless you do a MITM (man-in-the-middle) interception of the encryption chain. And doing that is both complicated and not really possible with some devices such as smartphones.
I managed cyber systems for several years, and I've heard all the arguments and justifications for "defense in depth". But frankly, the almost total domination of encryption has rendered the old IDS/IPS-on-the-perimeter model obsolete, or at the least highly inefficient, as you will spend a huge amount of time and energy chasing false positives. The glory days of the past, where most network perimeter traffic was in the clear and could be sniffed and analyzed, are gone, never to return. In fact, many of the rules packages today are little more than lists of IP addresses the IDS/IPS will alert on when detected as source or destination addresses of a packet. But why use all the other IDS/IPS overhead for simple IP matching/detection? The firewall can already do that just fine, and much faster than the IDS/IPS can.
It is much better and more effective to concentrate your cybersecurity efforts on the endpoints (servers, workstations, tablets, etc.) and on user training (teach them to not be dumb and click on everything with wild abandon).
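To make the DoT point above concrete, here is an added example (not part of the post) that takes a constructed flow log and a constructed prefix/ASN table and shows what an observer on the path still learns when only the DNS lookup is encrypted: the DoT session on port 853 reveals the resolver, and every later connection reveals its destination network. All addresses are RFC 5737 documentation ranges and the ASN entries are hypothetical.

```python
import ipaddress
import re

# Constructed sample flow log: what an upstream observer records even though
# the DNS query itself travelled inside DoT (port 853). RFC 5737 addresses.
FLOW_LOG = """\
2024-05-01T10:00:01 src=10.0.0.5 dst=198.51.100.23 dport=853 proto=tcp
2024-05-01T10:00:02 src=10.0.0.5 dst=203.0.113.77 dport=443 proto=tcp
2024-05-01T10:00:09 src=10.0.0.5 dst=192.0.2.200 dport=443 proto=tcp
2024-05-01T10:00:15 src=10.0.0.5 dst=203.0.113.9 dport=443 proto=tcp
"""

# Constructed prefix-to-ASN table (hypothetical organisations) standing in
# for the public routing data the observer would match against.
ASN_TABLE = [
    ("203.0.113.0/24", "AS64500", "Example Video CDN"),
    ("203.0.113.0/26", "AS64501", "Example Video CDN - Streaming"),
    ("198.51.100.0/24", "AS64502", "Example Public DoT Resolver"),
]

LINE_RE = re.compile(r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def classify_destinations(log_text, asn_table):
    """Return (dst_ip, dport, label) per flow using longest-prefix match.

    Port 853 flows are the DoT session: the resolver is visible, the query
    inside it is not. Every other flow is the real destination, labelled by
    the most specific prefix that contains it, or 'unknown' if none does.
    """
    nets = sorted(
        ((ipaddress.ip_network(p), asn, org) for p, asn, org in asn_table),
        key=lambda t: t[0].prefixlen,
        reverse=True,  # most specific prefix first
    )
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["dst"])
        label = next((f"{asn} {org}" for net, asn, org in nets if ip in net), "unknown")
        results.append((m["dst"], int(m["dport"]), label))
    return results


if __name__ == "__main__":
    for dst, dport, label in classify_destinations(FLOW_LOG, ASN_TABLE):
        kind = "DoT resolver" if dport == 853 else "destination"
        print(f"{kind:12} {dst:15} -> {label}")
```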