"Simple" doesn't always mean "better". A car without seatbelts is less complicated than one with, but it definitely doesn't make it a better car.
Similarly, The original DNS protocol doesn't have any form of verification: it is is trivially easy for a MitM attacker to alter the responses - or even for a non-MitM one to send spoofed responses "in the blind". It also doesn't have any form of confidentiality: it is trivially easy for a MitM attacker to log all the requests you make, which essentially means your entire browser history.
It takes an awful lot of hacking to turn classic DNS into something even remotely representing a mature and well-designed protocol. By the time you are done bolting on all the other stuff it really isn't all that simple anymore.
> it is is trivially easy for a MitM attacker to alter the responses
This is true even for DOH. There is no guaranty that your TLS certificate issuer is to be trusted. And, by the way, most of them are in the USA, a country known for its surveillance programs.
Similarly, The original DNS protocol doesn't have any form of verification: it is is trivially easy for a MitM attacker to alter the responses - or even for a non-MitM one to send spoofed responses "in the blind". It also doesn't have any form of confidentiality: it is trivially easy for a MitM attacker to log all the requests you make, which essentially means your entire browser history.
It takes an awful lot of hacking to turn classic DNS into something even remotely representing a mature and well-designed protocol. By the time you are done bolting on all the other stuff it really isn't all that simple anymore.