With this guide wouldn’t the local dns instance still make requests unencrypted?

Additionally, even without logs on the local instances, the local cache would still exist.

I would rather use dns over https, trusting an anonymous third party dns provider, seems ripe for mitm attacks.