EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.
So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can’t manually set my own DNS on my router or even my devices.
Cyber security has never been my forte but I’m always trying to keep learning as I go. I’ve read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.
Are they all true? Whats the cheapest, easiest way of dealing with all of this?
Doesn’t the RPi still go through the ISP? You’d still have to find a way to bypass their hijacking attempts, just on a different device this time.
Dot or doh will stop the DNS rewrites.