Thanks for your thoughtful reply (as always). Please explain the "two things to keep in mind" for non-techies.
That's quite a challenge! Those things are really technical... but let's try somewhat and you can complement it with some searches in Rav Google.
1) What are those "clean" DNS filters anyway? DNS is like a phone book ("internet address book"), you enter google.com in your browser address bar and the computer asks from the DNS provider where Google is physically located (which is the IP address/s the server is at.) So when you use one of those services like CleanBrowsing or OpenDNS they will just stick out their tongue when a request for a blocked site comes to them, they'll either not respond with an address or they'll respond with the IP address where their block page is located...
Makes sense so far?...
Now to the 1st "keep in mind", the default for most devices will be that their DNS server is the router, and the router has the actual DNS provider server settings for this. Hence when you change the DNS provider on the router, all clients (devices) will rely on this and be filtered. BUT this is only the default setting on the device, and almost every device allows you to easily change the device's DNS provider to rely on another server (i.e. Google's 8.8.8.8, Cloudflare's 1.1.1.1, or OpenDNS's fully open server) and in that case they'll just not ask anything from the router and will not be filtered.
The way to prevent this (but this is an advanced thing, and it depends on every router specifically if you can do it) is by blocking (see here) or redirecting/intercepting (see here, this is much better but also harder to set up and fewer routers support it) all DNS traffic and allowing only the one from the service you're using.
2) This DoH thing is related to point 1, but it's a new thing being rapidly adopted. It changes the way those DNS requests are made, instead of using DNS requests to a server (requests that are not private, and your ISP etc. can see which websites you're trying to use) this technology makes a private DNS request to special servers.
This technology generally takes away any control the router has on DNS, even the default DNS will be on the computer or browser level. Firefox has enabled this thing by default for most or all users recently, rendering a lot of this kind of filter useless. (See here that they are planning to implement something to make it work, but I don't think that is already in place, https://blog.mozilla.org/futurereleases/2019/07/31/dns-over-https-doh-update-detecting-managed-networks-and-user-choice/)
Nuff? To apply this info to your individual setup I'm not gonna be able to help you.
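Added example, not part of the original reply: a small audit that checks a router's connection log for the two bypasses described above, a device talking plain DNS to a resolver other than the router, and a device connecting on port 443 to one of the public resolvers named in the reply (which also serve DoH). The router address, the filtering service's resolver addresses, and the log format are assumptions, and the sample log is constructed.

```python
import ipaddress

# Assumptions (not from the thread): the router address, the filtering
# service's resolver addresses (placeholders), and a log format of one flow
# per line: "client_ip dest_ip protocol dest_port".
ROUTER = "192.168.1.1"
APPROVED_RESOLVERS = {"203.0.113.53", "203.0.113.54"}
# The two public resolvers named in the reply also answer DoH on port 443.
# Partial list; a match is a heuristic, since 443 can carry ordinary HTTPS.
KNOWN_DOH_HOSTS = {"8.8.8.8", "1.1.1.1"}

# Constructed sample flows, including one malformed line.
SAMPLE_LOG = """\
192.168.1.20 192.168.1.1 udp 53
192.168.1.21 8.8.8.8 udp 53
192.168.1.22 1.1.1.1 tcp 443
192.168.1.1 203.0.113.53 udp 53
192.168.1.23 198.51.100.7 tcp 443
garbage line
"""

def classify(client, dest, port):
    """Return a finding for a flow that bypasses the filter, else None."""
    if port == 53:
        # Fine: a device asking the router, or the router asking the filter.
        if dest == ROUTER or (client == ROUTER and dest in APPROVED_RESOLVERS):
            return None
        return "plain DNS to unapproved resolver"
    if port == 443 and dest in KNOWN_DOH_HOSTS:
        return "possible DoH to known public resolver"
    return None

def audit(log_text):
    """Parse the log and return (client, dest, finding) for each bypass."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        client, dest, _proto, port = parts
        try:
            ipaddress.ip_address(client)
            ipaddress.ip_address(dest)
            port = int(port)
        except ValueError:
            continue  # skip lines with an invalid address or port
        finding = classify(client, dest, port)
        if finding:
            findings.append((client, dest, finding))
    return findings
```

Calling `audit(SAMPLE_LOG)` reports the device that changed its own DNS server and the device that reached a public resolver over HTTPS; the flows through the router are not flagged.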