Enable DOH or DOT Downstream from pi-hole to end-devices

Hello,
I am running pi-hole on AWS, the reason being I am looking to secure my mobile devices and for family/friends (instead of doing port forwarding). I happen to use android device which allows to change DNS using private DNS. Currently I use a third party app to change the DNS settings for my cellular connections. Is there any means by which I can use the built in android feature of private dns without having to use any third party app for me to use pi-hole as dns resolver with possibility of securing my requests from end devices to pi-hole server.

-J

The DNS server is automatically assigned via DHCP with Android. The only way I have found to change the DNS was to use a DNS changing app which usually puts a proxy on the phone to intercept the DNS lookup. I have been using "DNS Changer (No Root - IPv6 - All Connections)" on Android it's published by Frostnerd.com.

Doh - (Firefox or App using dnscrypt sever stamp)
Rust-doh - dnscrypt-server / wrapper - Pihole - Dnscrypt-Proxy - upstream