For 10$/year I am running a VPS server in Amsterdam with strongswan ([1] VPN server) and dnscrypt-proxy 2.0 ([2] DNS server which is dispersing queries to multiple DNSCrypt servers and also blocking various ads and bad agents) on it.
Finally it is incredibly simple to use nginx to serve DNS-over-TLS from your own machine (so from my dnscypt-proxy) for using on Android Pie. Works on mobile as well. [3]
The problem I have with this setup is when using networks that require you click through a captive portal. Often external DNS servers can't resolve their portals -- so you can't click through to open up to the wider internet and have to screw around flipping the DNS temp. After wondering what on earth is going on for a minute or two, as you've forgotten, again.
Just curious: Wouldn't visiting sites like http://neverssl.com work? If it doesn't, then it's a good opportunity for someone to put a static-ip behind something like http://neverssl.com
No because often they redirect you to a DNS address that only exists in their internal DNS. And that internal DNS is often to an internal only IP, so you can't VPN all your traffic. e.g. you'll go to http://neverssl.com then get bounced to http://some.internal.net which resolves to 10.10.1.1 which finally serves the portal you have to click through.