You could try Stubby (DNS over TLS) as this is not a huge package
Once installed and configured you could then use vi or nano to edit the stubby config.
NextDNS website has a script under the Router set up guide section that may work.
I tried this some time ago and it worked but I now use Unbound and Adblock for my encrypted DNS and ad filtering.
Here is the script I used. My NextDNS ID is removed.
config resolver
option address '2a07:a8c0::0'
option tls_auth_name '<nextdns id>.dns1.nextdns.io'
config resolver
option address '2a07:a8c1::0'
option tls_auth_name '<nextdns id>.dns2.nextdns.io'
config resolver
option address '45.90.28.0'
option tls_auth_name '<nextdns id>.dns1.nextdns.io'
config resolver
option address '45.90.30.0'
option tls_auth_name '<nextdns id>.dns2.nextdns.io'