How does DNS over TLS prevent your ISP from seeing the websites you visit?

It doesn't. DNS over TLS is not designed to keep your privacy from your ISP. Like HTTP, DNS is vulnerable to MITM. DNS over TLS provides the same level of security as HTTPS.

As DNS over TLS is encrypted, your ISP can't see the domains you query for, but they don't have to. TLS uses Server Name Indication, a TLS extension which appears on the outside of the HTTP Host header. The SNI field contains the domain name of the server you want to talk to. Once you visit that site, your ISP can see that unless you use a VPN.

Cloudflare has recently released support for encrypted SNI (ESNI) for the websites that are hosted by Cloudflare. This actually prevents your ISP from seeing the site you visit, provided you are also using DNS over TLS. But for ESNI to work, browsers have to natively support it. Mozilla landed support for ESNI in Firefox Nightly, so you can now browse Cloudflare websites without leaking the plaintext SNI TLS extension to on-path observers: ISPs, coffee-shop owners, firewalls.


Using DNS over TLS will prevent the ISP from reading/altering your DNS traffic.

With unencrypted DNS, an ISP can monitor your DNS traffic or redirect the traffic to their own DNS server. (I'm not sure if this is ever done in practice)

To hide the websites you are visiting, you will need to use a VPN, which will prevent the ISP from seeing the true destination of your traffic.