All correct. But at the end of the day, I get to tighten the reins a little and determine who I trust most by having that DNS level of control and HTTPS connection security. Set up correctly, I'd know I'm only connecting to the DNS of my choice.
For me, using a DNS-level filter for the kids accomplishes a lot, and being able to securely tunnel to the DNS provider I chose provides that extra handshake. Especially since the DNS provider is doing the filtering, any leaks and I'd lose that.
The way I look at it, imagine yourself in a crowded room. I scream "hey Google, where is...?" Everyone hears, even if they're not interested. This could be your ISP, etc. This is analogous to DNS today.
Now if I use a phone connected directly to Google, well, it makes it a lot more difficult for someone to listen in as now I have that direct line. Analogous to DoH.
As for the privacy gain while on the road in a cafe or a hotel, well, that's why I have a VPN, but with the understanding that I'm going to take a throughput hit.
Thanks for the suggestion for Unbound. I'll have to take a look at this.