To get IPFire using DNS over TLS to the DNS servers you have selected, first change the protocol drop-down box from UDP or TCP to TLS. This is on the Domain Name System menu page under Network.
Then you will need to edit each of your selected DNS servers and ensure that you have the correct TLS Hostname entered. This entry is not required for UDP or TCP and so is often left blank by people but it is required for TLS to work properly.
If any of them are blank then find the correct hostname from the wiki page in the DNS-over-TLS service section.
After editing all servers, if you press the Check DNS Servers button then all the servers should show up with a green OK status.
This now ensures that IPFire is using DNS over TLS for all DNS communication from IPFire to DNS servers on the internet.
To ensure that clients on your LAN behind IPFire are using DNS over TLS, this needs configuration on each client.
On Linux clients you need to turn on the DNSOverTLS line in the config file of whatever resolver is being used, such as systemd-resolved or stubby etc.
I don’t know how to do this for Windows, as I don’t use it, but it should be searchable for. Maybe search for “windows 11 DNS over TLS” or something similar.
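
For a Linux client running systemd-resolved, the following added example (not part of the original post) audits the text of a `resolved.conf` for the same two points made above: TLS switched on, and a TLS hostname present for every server, which systemd-resolved takes in `address#hostname` form. The sample config is constructed, the function name is hypothetical, a built-in default of `no` is assumed, and drop-in files are not read.

```python
# Added example: audit a systemd-resolved config for strict DNS over TLS.
STRICT = {"yes", "true", "1", "on", "y", "t"}  # boolean spellings systemd accepts

# Constructed sample resolved.conf content (not from the original post).
SAMPLE_CONF = """\
[Resolve]
#DNSOverTLS=no
DNS=9.9.9.9#dns.quad9.net 1.1.1.1
DNSOverTLS=opportunistic
"""

def audit_resolved_conf(text):
    """Return a list of findings for the [Resolve] section; empty means OK."""
    servers, mode, section = [], "no", None  # assumption: built-in default is "no"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Resolve" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "DNS":
            # An empty DNS= resets the list; otherwise entries accumulate.
            servers = (servers + value.split()) if value else []
        elif key == "DNSOverTLS":
            mode = value.lower()
    findings = []
    if mode == "opportunistic":
        # Opportunistic mode silently downgrades if TLS cannot be negotiated.
        findings.append("DNSOverTLS=opportunistic falls back to plaintext DNS")
    elif mode not in STRICT:
        findings.append("DNSOverTLS is not enabled")
    for server in servers:
        if "#" not in server:
            findings.append(f"{server}: no TLS hostname (address#hostname)")
    return findings

if __name__ == "__main__":
    for finding in audit_resolved_conf(SAMPLE_CONF):
        print("WARN", finding)
```
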