DNS over TLS uses a new port. If you're on an enterprise network, its firewall probably blocks that port.
DNS over HTTPS is being discussed to resolve that problem. The downside is it doesn't really exist yet.
DNSSEC doesn't do anything for query privacy (in other words: most of the reasons you'd use DNS-over-TLS aren't addressed by DNSSEC). DNSSEC is a bad standard whose primary impact on the Internet would be to replace the LetsEncrypt CA system with a PKI run by world governments. That sounds like something InfoWars would say, but I promise you, DNSSEC is weirder than InfoWars.
What is the point of "query privacy" when browsers send host addresses in plaintext (SNI) and destination IPs are still visible to the internet provider?
Layering DNS over TLS (or anything else) is meaningless; it increases RTT (and thus response time) without any benefit for most users.
It's mostly for preventing DNS response integrity, I'd say.
Using DNS over HTTPS or over TLS to hide traffic from your ISP is utterly meaningless. I don't know why people are advocating it for 'privacy' from your ISP.
For privacy, one would just use a VPN for all their traffic and using DNS over HTTPS matters much less, given that the DNS resolver is also being routed over the VPN connection (if it does at all).
The only use I see is that if you're visiting an HTTPS website, and it doesn't have HSTS (or if you're visiting a website with HSTS for the first time), it prevents phishing (for less tech-savvy people, since one would notice that it won't be TLS).
This use is further diminished if Firefox and other browsers start implementing the HSTS preloading[1] feature like Chrome, and people actually start submitting their domains for inclusion. Which I don't see happening soon, so it has some use case.
For now, the right answer is DNS over TLS.