Well... you can't have your cake and eat it, too.
I fear this holds true also in this regard.
The solution for encryption has to weigh your interest to securely look up proven authentic host name records against your interest to control and manage communication on your own network, and against your interest to retain privacy, preferably on private as well as public networks - and those three do not always agree very well.
You may be aware that this has been discussed here previously, e.g. in https://discourse.pi-hole.net/t/eff-view-on-doh-and-potential-privacy-problem-with-it/23524 or Blocking DNS-over-HTTPS (DoH).
The posts on those topics - as well as links provided among them - may help broaden one's views on the matter.
One cannot discuss encryption without paying attention to authenticity also.
Putting away my reservations about DoH and its tendency to further concentrate surveillance options to fewer locations (consider the Mozilla-Cloudflare deal), it is important to recognize that neither DoT nor DoH is able to supply sufficient authenticity within the scope of DNS.
This is so because the underlying transport layer security (as employed by both DoT and DoH) is concerned solely with the authenticity of the transport communication target, i.e. the DNS resolver itself (in DNS terms).
However, this does not imply any guarantees on the authenticity of the DNS records that are distributed by that resolver.
Only DNSSEC provides means to ensure the latter.
If we'd value proven authentic DNS records over privacy and manageability of DNS traffic, DNSSEC would be the tech to push.
Expanding on this, I'd favour DoT over DoH personally, as it strikes the best compromise between privacy and local DNS traffic manageability (or observability, if you'd prefer).
However, in a total surveillance society, I would wish for DoH to be operational for me, as that would offer the best probability to escape surveillance where I don't want it (which does not mean to escape it by and large).
Shifting DNS control away from the network over to application level seems not desirable for me at all, yet it will come. In fact, it is already manifesting itself, pushed by the remaining two browser engine makers.
Quite probably, in a more ideal world, the answer to this should not be decided by some browser manufacturer or some mega company with their respective own agendas, but rather by an enlightened and educated public.
Yet I fear the public, as it is currently, is not very interested at all, and even if so, would find it difficult to fathom impact and consequences of this subject.
To be honest, I constantly struggle myself.
For once, the goals of the average home user (trying to employ adult content filtering) seem to align with those of companies of all scales, as usage of DoH causes quite some headaches among company network admins (trying to keep their networks secure).
Mozilla's DoH probing mechanism may prove compatible with controlling your DNS traffic within your premises.
Apart from any ethical, political or profit-maximizing influences, Netmeister has assembled an excellent technical background overview of the current efforts to accomplish more secure DNS operations - if interested read more at DNS Security: Threat Modeling DNSSEC, DoT, and DoH.
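An added example, not part of the original post: a Python sketch of the transport-versus-record authenticity distinction made above, classifying what a stub client can conclude from a DNS response given whether the channel to the resolver was authenticated (DoT/DoH) or not. The function names, the category labels and the sample responses are constructed for illustration; the AD bit and RRSIG type code are the standard DNSSEC ones (RFC 4035, RFC 4034).

```python
import struct

FLAG_AD = 0x0020            # "Authenticated Data" header bit, set by a validating resolver
TYPE_A, TYPE_RRSIG = 1, 46

def encode_name(name):
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                   # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def authenticity(msg, transport_authenticated):
    """Classify the assurance a stub has about the records in a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if TYPE_RRSIG in types:                    # client can validate itself (needs DNSKEY/DS too)
        return "signatures-delivered"
    if flags & FLAG_AD:                        # only as trustworthy as the channel it arrived on
        return "resolver-asserted" if transport_authenticated else "unauthenticated-claim"
    return "transport-only" if transport_authenticated else "none"

def constructed_response(ad, signed):
    # Constructed sample, not captured traffic: example.com A 192.0.2.1
    flags = 0x8180 | (FLAG_AD if ad else 0)
    ptr = b"\xc0\x0c"                          # pointer back to the question name
    rrs = ptr + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
    if signed:                                 # dummy RRSIG body, not a valid signature
        rdata = b"\x00" * 18 + encode_name("example.com") + b"\x00" * 8
        rrs += ptr + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 + signed, 0, 0)
    return header + encode_name("example.com") + struct.pack("!HH", TYPE_A, 1) + rrs
```

The "transport-only" outcome is the DoT/DoH-without-DNSSEC case: the resolver's identity is proven, the records it hands out are not.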