not really feasible for non technical folks but at that point you start to run a dns proxy in cloud with static ip and proxy all your dns requests using DoH to that IP. That would be really hard to block without blocking all outbound https connections