1st link is for setting up secure DNS lookups from your router (and indirectly clients).
The 2nd for intercepting rogue DNS calls, from your network devices, not honoring the
DNSes provided by your DHCP.
I think this is why DNSSEC is a thing to make sure this does not happen, you can use unbound to use this feature, but you would also need the full dnsmsq to use this feature.
I would not recomend removing it and installing the full version there is a proper method on how you can switch from one to another.
I think this is the gude I used to setup such a service
And did a quick test with one of my clients where I set it to use my ISP's DNS. I went to https://dnsleaktest.com/ and saw Google and Cloudflare DNS servers only so I think I can conclude such rogue DNS calls can not happen.