Honestly all 3 options are fine;
- Cloudflare for a straight in replacement of regular DNS
- NextDNS seems to have adblock list at the dns level, it can be great but don't forget that it can break some bloated sites
- Last but not least you could use any other DOT (Dns Over Tls) provider, maybe some local internet freedom association is hosting one for you to use.
Note that this technology only encrypts the DNS queries and responses. So you still have to trust the provider with the answer and it can still track you. The advantage is when you try to access some domain name that regular DNS are hiding or are olbiged by law to block on your network. (ISP blocking) A good example is thepiratebay.org