Searching for decently updated instructions on DOH/DOT with unbound for 23.05

I have found the base pages, and they show the steps, but there are a few spots where they lose me. The YouTube videos are sparse on the topic, and a lot of the content is pre-v22.

I would primarily like the ability to use encrypted DNS to Cloudflare. I'm also investigating VPN services, but I'm a bit skeptical about the overhead; my area already has a 35 ms response to Chicago and Minneapolis, so I'd like to avoid adding much latency into the mix for the sake of privacy.

Could you be more specific with respect to the issues you're having?

But, that aside, if you don't have a requirement for specific features of unbound (like, say, zone transfers or that sort of thing), and you're really just in need of a DoH or DoT solution, I'd suggest looking at stubby for DoT or https-dns-proxy for DoH. Both have simpler configuration, and with https-dns-proxy you also get a robust LuCI-based management interface.

I'm learning ways to take control of my network's security and privacy, and I'm still malleable on what I actually need/want. I recently read that encrypted DNS isn't really all it's cracked up to be, as you'll basically be requesting the site in plain text immediately afterwards, unless I'm misunderstanding the concept there.

I want generally secure and generally safe.


That was how original DNS worked, but the point of both DoT and DoH is to send the requests over an encrypted channel. If you run tcpdump -i eth0 port 853 where eth0 is the name of your WAN interface, and that port number is one of 53 (DNS), 443 (https, so all of web traffic + DoH) or 853 (DoT), then you can see that the packets are encrypted on 443 and 853 as they go out, but 53 is clear text. Your ISP (and any man-in-the-middle) can still see that you are sending a request to 1.1.1.1 or 9.9.9.9 or wherever, but they can't see what you're asking them.

Generally secure and safe is sort of the OpenWrt default, what you're now doing with DNS-over-encryption is improving your privacy. Once you get this done, you'll probably want to look at "adblockers" (which are really not just blocking ads, but suppressing DNS resolution to all sorts of sites).

* opkg update && opkg install tcpdump

Pretty much all the sites I visit use secure (https) connections, so for me, encrypted DNS is worth it.

Even if the sites you visit do not use https, at least you will be preventing your ISP from monetizing your DNS traffic.

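To make the "they can see where you're sending it, but not what you're asking" point concrete without needing a router and tcpdump, here is an added example (my own code, not from this thread or from OpenWrt). It hand-builds two packets: a classic port 53 query for example.com and a TLS ClientHello, as sent to a DoT (853) or DoH (443) resolver, carrying an SNI of cloudflare-dns.com. Both packets are constructed inline, not captured; the names, the transaction ID and the cipher suite are arbitrary choices, and the ClientHello parser is a toy that assumes a well-formed, unfragmented record. A passive observer can recover the queried name from the port 53 packet, but from the 853/443 packets recovers only the resolver's name from the SNI; the query itself travels inside encrypted application data.

```python
"""What an on-path observer sees: plain DNS on 53 vs DoT/DoH on 853/443.
Added example with constructed packets; not a real capture."""
import struct
from typing import List, Optional, Tuple


def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Wire-format DNS query (RFC 1035): 12-byte header + one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD set
    labels = b"".join(bytes([len(l)]) + l.encode()
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN


def parse_dns_qname(pkt: bytes) -> str:
    """Read QNAME from the question section; this is what port 53 exposes."""
    pos, labels = 12, []
    while pkt[pos] != 0:
        n = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(labels)


def build_client_hello(sni: str) -> bytes:
    """Minimal TLS ClientHello record with a single server_name extension.
    The SNI is the *resolver* hostname, not the name being looked up."""
    host = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type host_name(0)
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list            # extension type 0
    exts = struct.pack("!H", len(ext)) + ext
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"                     # version, random, empty session id
            + b"\x00\x02\x13\x01"                                    # one cipher suite (arbitrary)
            + b"\x01\x00" + exts)                                    # null compression, extensions
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body           # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs        # record type handshake


def parse_sni(pkt: bytes) -> Optional[str]:
    """Return server_name from a ClientHello, or None for anything else
    (e.g. encrypted application data records, which carry the actual query)."""
    if len(pkt) < 6 or pkt[0] != 0x16 or pkt[5] != 0x01:
        return None
    pos = 9 + 2 + 32                                   # record hdr, hs hdr, version, random
    pos += 1 + pkt[pos]                                # session id
    pos += 2 + struct.unpack("!H", pkt[pos:pos + 2])[0]  # cipher suites
    pos += 1 + pkt[pos]                                # compression methods
    end = pos + 2 + struct.unpack("!H", pkt[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", pkt[pos:pos + 4])
        pos += 4
        if etype == 0:                                 # server_name: list len(2), type(1), len(2), name
            name_len = struct.unpack("!H", pkt[pos + 3:pos + 5])[0]
            return pkt[pos + 5:pos + 5 + name_len].decode()
        pos += elen
    return None


def observe(packets: List[Tuple[int, bytes]]) -> List[Tuple[int, str]]:
    """What a passive observer (ISP, man-in-the-middle) learns per packet."""
    findings = []
    for dst_port, payload in packets:
        if dst_port == 53:
            findings.append((dst_port, "plaintext query for " + parse_dns_qname(payload)))
        else:
            sni = parse_sni(payload)
            findings.append((dst_port, "TLS to resolver " + sni if sni else "opaque TLS data"))
    return findings


# Constructed sample traffic, not a real capture.
CAPTURE = [
    (53, build_dns_query("example.com")),
    (853, build_client_hello("cloudflare-dns.com")),            # DoT handshake
    (443, build_client_hello("cloudflare-dns.com")),            # DoH handshake
    (853, b"\x17\x03\x03\x00\x20" + b"\xaa" * 32),              # encrypted application data
]

if __name__ == "__main__":
    for port, what in observe(CAPTURE):
        print(f"port {port}: {what}")
```

The destination IP and the SNI together are the "you're talking to 1.1.1.1" that the poster above describes; the queried name never appears on 853 or 443. The same parser run on the ClientHello for the site you connect to afterwards would show that site's hostname in its SNI, which is the residual leak the first poster was worried about; fixing that needs Encrypted Client Hello and is outside what this thread covers.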

LuCI management is nice, but I like to learn the CLI of each piece also. I'm gonna go decide between DoT and DoH.

I decided on DoH, lol. It's newer and being adopted more frequently, and it encrypts the traffic and the final IP. I feel like that's as good as you can get without a full-out VPN setup, right?


I use SmartDNS; it's easy to set up, can use DoH and DoT, and can be used as an upstream for dnsmasq or as the sole DNS source.

So in retrospect, installing DoH is amazingly simple. Install package... restart service... DoH!!


Are you channeling Homer Simpson? :joy:

So glad someone got that, lmao.