voioo 10 hours ago

You are right that DNS encryption doesn’t hide the IP from the destination website and that’s a limitation by design. If the goal is full anonymity, then yes, a VPN or Tor is the way to go.

But I’d push back on the “futility” part. For me (and probably a lot of home users), encrypted DNS solves a different problem:

ISP Snooping & Profiling: Without DNS encryption, my ISP gets a complete log of every hostname I query. That’s valuable metadata even if the actual traffic is HTTPS. Encrypted DNS cuts them out of the loop.

Censorship & Filtering: Many ISPs or countries block sites by poisoning or hijacking DNS. DoT/DoH3 bypasses that without needing to route all traffic through a third party.

Performance & Control: Local caching with AdGuard means faster load times, plus I can filter ads, trackers, and telemetry at the DNS layer, something a VPN alone won’t do.

Reduced Trust Surface: With a VPN, I’m moving all trust to the VPN provider (and hoping they’re honest about logs). With encrypted DNS, I can split that trust between my own AdGuard instance and NextDNS, instead of funneling everything through a single exit point.

So in my view:

VPN = anonymity & hiding your IP

Encrypted DNS = privacy from intermediaries & control over resolution

They solve related but different problems. For “serious” privacy, I agree a VPN or Tor is needed. But for everyday use, encrypted DNS is a huge step up from plain-text queries and actually improves performance.

jqpabc123 8 hours ago

> Without DNS encryption, my ISP gets a complete log of every hostname I query.

With DNS encryption, your ISP still gets a complete log of every IP you visit. And from your IP log, they can easily get the host names if they want them.

In fact, I'd be surprised if they even bother logging DNS at all. It's much easier, more efficient and just as effective to log IPs.

Used by itself, encrypting DNS doesn't really hide anything and is thus an exercise in futility. Used with a more comprehensive solution like a VPN, it is even more so.

voioo 6 hours ago

Yes, DNS encryption does not hide the IP; that part is true. But it is still not useless, is my point. The ISP cannot see exact domains, only the IP, and with a CDN one IP can be many sites. Also, DNS hijacking/poisoning is common, and DoT/DoH stops this cheap attack. A VPN is stronger, but DNS encryption is a small layer of privacy without moving trust to a VPN provider.