You don't need a proxy for the same reason that your ISP can't read your https data. The data transmitted is encrypted at either end so people passing that data can't read it. Current DNS requests are passed in plain text so all hops along the way can read that information.
However, you are correct that if using some sort of encrypted DNS you'd still have to trust the provider you use to be able to read those requests and have to choose a provider that isn't your ISP (which tends to be the default in most places) and the two primary providers at the moment appear to be Amazon (via cloudflare) or google. To that extent, pick your poison.
However, you are correct that if using some sort of encrypted DNS you'd still have to trust the provider you use to be able to read those requests and have to choose a provider that isn't your ISP (which tends to be the default in most places) and the two primary providers at the moment appear to be Amazon (via cloudflare) or google. To that extent, pick your poison.