That's another reason for putting another router after your ISP's box. As long as I'm not an admin on that one, they can do a lot of shady things. Also using a DNS server with external forwarders (PiHole is great for that).
The problem is that the number of attack vectors is legion. If they don't get you by DNS they'll get you by one of the thousands of other attack vectors.
https://www.securityevaluators.com/whitepaper/sohopelessly-b...
That paper needs wider exposure, though sadly it didn’t get much traction here when I submitted it.