unifios-utilities
DNS-over-TLS via SystemD Resolved.Conf instead of DNS servers
UDM firmware 2.5.X (and probably 2.4.X) supports /etc/systemd/resolved.conf, where DNS over TLS can be set, but I am not sure exactly how to make it work for all clients. I am researching and it looks like DHCP, NetworkManager and some other files need to point to /etc/systemd/resolved.conf instead of pointing to /etc/resolv.conf for all clients to use DNS over TLS. I verified that enabling DoT in systemd/resolved.conf did show the router making attempts to use DoT in system logs.
It would be of great help if someone figured it out completely and posted a script to have all clients use systemd resolved.conf DoT. It could potentially replace the need for installing CNI plugins and running custom DNS servers for those who just want a simple way to encrypt DNS queries for client devices that can't do it on their own without configuring containers.
This should probably be moved to the "Discussions" section.
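An added example, not part of the issue above or of the unifios-utilities project: a small audit of a resolved.conf for the two things that decide whether client queries actually leave the router encrypted, namely the `DNSOverTLS=` mode and whether the resolved stub listens on anything besides loopback (`DNSStubListenerExtra=`). The sample file, the finding labels and the function names are constructed for illustration; how a given UDM firmware wires DHCP clients to a resolver is not covered.

```python
import ipaddress

# Constructed sample for illustration, not read from a real UDM.
SAMPLE = """\
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 9.9.9.9
DNSOverTLS=opportunistic
DNSStubListenerExtra=udp:192.168.1.1:53
"""

def parse_resolve(text):
    """Return {key: [values...]} for the [Resolve] section (keys may repeat)."""
    section, opts = None, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Resolve" and "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def stub_host(value):
    """Extract the address from [tcp:|udp:]ADDRESS[:PORT]."""
    for proto in ("tcp:", "udp:"):
        if value.startswith(proto):
            value = value[len(proto):]
    if value.startswith("["):              # [IPv6]:port
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text):
    opts, findings = parse_resolve(text), []
    # Assumption: an unset DNSOverTLS= is treated as "no" (the usual build default).
    mode = (opts.get("DNSOverTLS") or ["no"])[-1].lower()
    if mode == "opportunistic":
        findings.append("dot-opportunistic: falls back to plaintext DNS")
    elif mode not in ("yes", "true", "1", "on"):
        findings.append("dot-disabled")
    servers = [s for v in opts.get("DNS", []) for s in v.split()]
    if not servers:
        findings.append("no-dns-servers")
    # Without "#name" the certificate cannot be matched against a hostname.
    findings += [f"no-server-name: {s}" for s in servers if "#" not in s]
    extra = [stub_host(v) for v in opts.get("DNSStubListenerExtra", []) if v]
    if not any(not ipaddress.ip_address(h).is_loopback for h in extra):
        findings.append("stub-loopback-only: other hosts cannot query resolved")
    return findings
```

Running `audit(SAMPLE)` flags the opportunistic mode and the server entry without a name; a file with `DNSOverTLS=yes` but no extra stub listener is flagged only as loopback-only, meaning the router's own lookups are encrypted while LAN clients are unaffected by this file.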