I just thought his was an interesting short fact sheet from the Netherlands NCSC on the fact that secure DNS is happening and is pretty much the future and the impact that will have on DNS monitoring (more specifically from an enterprise consideration)
New DNS transport protocols make it harder to monitor or modify DNS requests. This is beneficial on today’s untrusted networks. At the same time the shift may render your organisation’s security controls ineffective, expose internal naming or break connectivity. These negative side effects are hard to mitigate at a network level and require mitigation at DNS infrastructure and individual devices.
The NCSC recommends organisations to decide on preferred (DNS) resolvers, configure these on devices under administrative control and take note of the benefits provided by modern DNS transport protocols.