you can use hostfile to override DNS, always. hostfile comes before DNS query always unless you've done something fucked up.
Becomes a matter of diligence, else "ignore" validation failure
With that said it's easier to stand up a private DNS server to override the hostfile assuming you gaf about more than one system. Ultimately if DNS goes AFK, we're in a SHTF situation and network participation becomes much more complicated.
Regarding what NEAnon states, agreed, although exportation/trusting of trusted root CA's is an option, not simple for most network participants.
Regardless, there are alt DNS services that remain available (1.1.1.1, 8.8.8.8) off the top of my head, more exist, as well as private options e.g. building a DNS server within an AWS VPC, resolving to local +2 resolver which have significant SLAs associated as nothing in AWS would work without that system, that could be leveraged… doing so, again is not necessarily a simple task for all network participants..
TLDR: If IP routing exists for port 53 UDP, then DNS will work… with some additional caveats around DNSSec if it matters to you. You might just have to change the DNS Server you're pointing to. All assumes OSI levels 1-4 available (/me looks at NEAnon here)