You don't need DoH to avoid that. Just set up and use your own resolving proxy DNS servers and don't use the Virgin Media ones at 194.168.4.100 and 194.168.8.100 either directly or indirectly. (This means not forwarding to those servers, and not letting your DHCP client, in any of your machines, configure your system to use them when it gets a lease.)

Here is the difference between using Virgin Media's resolving proxy DNS servers and using your own:

    % # http://jdebp.uk./Softwares/djbwares/guide/commands/dnsqrx.xml
    %
    % dnsqrx a z398nvfsd0098u3qwtltnk. 194.168.4.100
    1 z398nvfsd0098u3qwtltnk:
    56 bytes, 1+1+0+0 records, response, noerror
    query: 1 z398nvfsd0098u3qwtltnk
    answer: z398nvfsd0098u3qwtltnk 0 A 92.242.132.24
    %
    %
    % dnsqr a z398nvfsd0098u3qwtltnk.
    1 z398nvfsd0098u3qwtltnk:
    40 bytes, 1+0+0+0 records, response, authoritative, nxdomain
    query: 1 z398nvfsd0098u3qwtltnk
    %

That last query didn't even escape the machine in my case. I run a private root content DNS server on every machine if possible. The query here got answered by a tinydns instance listening on 127.53.0.1:

    % tail -n 1 /var/log/sv/tinydns/current | tai64nlocal
    2020-08-26 09:37:44.305619726 7f000001:cfd9:f163 + 0001 z398nvfsd0098u3qwtltnk
    %

No-one gets to complain about (minuscule) extra load on the root content DNS server except me. It's my server on my machine. (-:

I've just realised my mistake, I needed to turn "use-peer-dns" off.

I did have my router setup to cache DNS requests to google and updated the DHCP config so everything would use my router for resolution, but virgin's DNS servers were still being pulled through as a "dynamic server" according to the RouterOS panel.

I thought Virgin was fiddling with my DNS requests even though I was sending them to a different provider.