It should just be a case of setting up Wireguard then following something like this: https://developers.cloudflare.com/1.1.1.1/dns-over-https/clo...

Then you just need to use your VPN endpoint for DNS.

I do something similar but with Wireguard and Pi-hole.

Have you looked at Streisand? Super easy script that sets up wireguard and several other protocols for you all at once, all you need is a VPS https://github.com/StreisandEffect/streisand

I did but forgot about it. Thanks for reminding me!