Technitium Blog: Configuring DNS over TLS and DNS over HTTPS with any DNS Server

Both protocols are IETF standards and are comparably secure, since HTTPS itself runs over TLS. The two do have slightly different ideas behind them, however, and engineers argue at length over why DoH needs to exist at all when DoT already exists and follows the RFC 7766 (DNS over TCP) implementation requirements. The argument for DoH is largely political: DNS requests over DoH look like ordinary HTTPS traffic on port 443 and are therefore hard to block, unlike DoT, which runs on its own port, 853. That makes DoH attractive to users in countries with Internet censorship.

Now, all you need to do to configure DoT is to copy the stream config block shown here into your /etc/nginx/nginx.conf file and save the certificate and key files to the paths given in the config. Don't forget to change the upstream DNS server IP addresses to those of your own DNS servers.
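An nginx stream block of the kind described above, written here as an added example rather than the blog's own configuration. The certificate and key paths and the upstream addresses 192.0.2.10 and 192.0.2.11 are placeholders to replace with your own; nginx must be built with the stream and stream_ssl modules, and the `stream { }` block goes at the top level of nginx.conf, next to (not inside) the `http { }` block.

```nginx
# DNS over TLS terminator: accepts TLS on TCP/853 and forwards plain
# DNS over TCP (RFC 7766) to the upstream resolvers below.
stream {
    upstream dns_servers {
        # Placeholder addresses: replace with your actual DNS servers.
        server 192.0.2.10:53;
        server 192.0.2.11:53;
    }

    server {
        listen 853 ssl;
        listen [::]:853 ssl;

        # Placeholder paths: save your certificate chain and private key here.
        ssl_certificate     /etc/nginx/certs/dns.example.com.fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/dns.example.com.key;

        # Only modern TLS; DoT clients do not need anything older.
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_session_cache   shared:DOT:10m;
        ssl_session_timeout 10m;

        # Hand the decrypted TCP stream to the upstream group.
        proxy_pass dns_servers;
    }
}
```

After saving, run `nginx -t` to validate the file and `systemctl reload nginx` to apply it. To check the result from a client, a query such as `kdig @dns.example.com +tls-ca +tls-host=dns.example.com example.com A` (from knot-dnsutils) should return an answer only if the certificate chain validates for the hostname you set in the config.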

