I manage a number of authoritative nameservers and, with the recent DNS over HTTPS Firefox changes, have been looking into DNS privacy.
I have DNSSEC configured for a couple of zones (not privacy related, obviously); however, I understand there can be some value in providing DoT and DoH for these nameservers also. Obviously the key issue that these two protocols resolve is client->ISP related, and at the moment the only use case is to pin the end user device/browser/router to a single recursive resolver. It would appear the dust has yet to settle on the best practice for encrypting queries to authoritative nameservers.
I would expect the bulk of DoH or DoT queries to my authoritative nameservers to come from Cloudflare (rather than the clients themselves), and I see in this blog that there was a pilot with Facebook using DoT: https://blog.cloudflare.com/dns-encryption-explained/. Should I take this to mean that Cloudflare intend to or already do resolve 18.104.22.168 using DoT?