I am wondering if an ISP or network admin on my network would be able to change where a DNS server is located at (ex: if a DNS server is located at 132.192.175.210, the ISP/netadmin can redirect it to their own server at 11.29.102.201 to change where the DNS records point to). Does DNSSEC and DoH/DoT combat this, and how? Why is it safe to use a domain for DoH/DoT if it requires going through insecure DNS to get to a secure DNS?
Yes, easily. DNS over HTTPS is the most common fix for that.
The other thing to consider of course is that if you use DoH/DoT, you still have to trust THAT DNS authority. All you’ve guaranteed is that a secure lookup and response transaction has hit their server, not that their server is providing an authoritative result and the operator isn’t storing/selling your requests.
I believe your ISP can modify the default DNS of you router so when you connect through DHCP a device it will set that DNS, but if you manually set the DNS in your device ISP can’t notice it.
They can modify the DNS packets still. They aren’t encrypted or signed so the authenticity of a response packet cannot be verified. Parental controls from ISP relay on being able to snoop and modify your DNS (and SNI from TLS ClientHello packets).