Create a different Admin account and transform your current account to limited/restricted/standard user to reduce the attack surface enormously. Don't use administrator access for your tasks!
While DNS encryption isn't perfect both Quad9 and Cloudflare are recommend. AdGuard and NextDNS are another, but some users report problems like false positive filtering, stability/performance issues.