I've been using OpenWRT with DoH (dns-over-https) for a long time already, currently OpenWRT seems already fixed these dnsmasq vulnerabilities at master-snapshot branch. Since I'm still using the stable 19.07.x branch, I'm pulling out my dusty RB750Gr3 (MikroTik ROS not using dnsmasq) to use as main RG until these poo-poo settle down ...
It's been a loooong time since I last played the ROS toys, took me a while to setup my UniFi-home with DoH on AdGuard :
ASUSWrt annoucement at SNB will fix it soon :
Update 29Jan'21 : ASUSWrt beta fw released fix dnspooq :
RT-AX55 running ASUSWrt beta fw confirmed using dnsmasq 2.84 :
ASUSWrt-Merlin's current latest 386.x-beta5 already patched :