Question about the real security of browser encrypted secure DNS

I’m using an AMD laptop with Linux-Tumbleweed-Gnome-Wayland.

I turned on Secure DNS in my Chrome and Firefox browsers and set them to Google Public DNS 8.8.8.8 and CloudFlare 1.1.1.1. I read that DNS a query resolution can go thru multiple DNS servers like the Root server then the TLD server then a 2nd Level Domain Server. As my DNS query goes thru these levels, does it ever appear in plaintext that can be spied on by someone other than Google or CloudFlare? (assume that Secure DNS is turned on)

I’m new to this DNS stuff so let me know if my question has some mistakes.

And IIUC many DNS queries don’t go thru these levels but are resolved faster from a local cache.

Update, I ran the DNS test at Cloudflare Browser Check and my Firefox browser passed all 4 of the tests. So Secure DNS on Firefox seems to be working as advertised.

Test results here —> https://imgur.com/a/i5L7rMp

So if my DNS is now secure, and my traffic is going over HTTPS, is that kind of equivalent to using a full blown VPN?

How can I determine the location of the 1.1.1.1 DNS server Firefox is using?

Just use the cloudflare, not the other one. Quad9 is also a great option.

Not sure how to determine location of DNS queries on desktop, but for Android I use a program that shows country flags for DNS queries and found out I was using far away as well as close servers, and couldn’t use just one as it was somehow the same original IP address, but accoriding to the icon, going to two different places. Actually it was ip 4 getting to a local ipv6 address, but then would also use a far away server.

So I didn’t like that at all, and went back to regular dns. A lot of times I don’t really care if it is encrypted, and that slows it down or just requires more processing. HTTPS is enough for hiding page content from anything trying to read it.