In theory if you got a resolver which could disable UDP queries, it would then default to TCP, and the ISP couldn't manipulate those. Don't know if any resolver supports disabling UDP though.
Unbound as a client will fall back to TCP automatically if the UDP response is too big. I'm uncertain if there is widespread support for TCP servers though.
They can easily manipulate TCP as well. Unless you establish an authenticated session like TLS, TCP can be mitm-ed easily.