I've been pushing all my DNS traffic over a VPN, transparently, for the whole house, for years now (by setting the VPN remote IP as the upstream resolver on my router).
It seems the only advantage of DNS-over-HTTPS is that it does DNS over TLS on port 443, which is harder for militant netadmins to block.
It's definitely a solution to a niche problem, but if we really want to encrypt DNS at scale then we could do it easily enough by introducing DNSCurve to the SOHO market.
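An added example (not from this thread) that makes the "DNS over TLS on port 443" point concrete: the message a DoH client sends is byte-for-byte the classic RFC 1035 query, so the transport is the only thing that changes. The script builds a query, shows what a passive observer of plaintext port-53 traffic can read from it, and produces the base64url form DoH uses in a GET request; it needs no network access.

```python
import base64
import struct

# RFC 1035 wire format for a DNS query. A DoH client (RFC 8484) sends these
# same bytes as the body of an HTTPS POST (Content-Type: application/dns-message)
# or base64url-encoded in a GET "?dns=" parameter. Classic DNS sends them in a
# UDP datagram to port 53, where anyone on the path can read the name.
QTYPE_A = 1
QCLASS_IN = 1

def encode_qname(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed labels plus a terminating 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name: str, txid: int = 0, qtype: int = QTYPE_A) -> bytes:
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
    # ID defaults to 0 because RFC 8484 recommends that for cacheable DoH GETs.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, QCLASS_IN)

def decode_qname(msg: bytes, offset: int) -> tuple:
    """Read an uncompressed QNAME; return (name, offset after the name)."""
    labels = []
    while True:
        n = msg[offset]
        offset += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointers are not valid in a question")
        labels.append(msg[offset:offset + n].decode("ascii"))
        offset += n
    return ".".join(labels), offset

def observed_name(msg: bytes) -> str:
    """What a passive observer of a plaintext port-53 query learns."""
    _txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, _ = decode_qname(msg, 12)  # question section starts after the 12-byte header
    return name

def doh_get_param(msg: bytes) -> str:
    """The value of the 'dns' query parameter in a DoH GET: base64url, no padding."""
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
```

With DoH the same bytes travel inside TLS, so the on-path observer is left with the IP of the resolver and the queried IPs it later sees you connect to, which is the point raised in the replies below.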
When you run DNS requests over a VPN, you are sharing your "browsing history" with (at least) one other third party: whoever runs the VPN server, and whoever runs the (public) DNS server.
Your ISP can see the IPs you connect to regardless of whether you use your ISP's DNS server or not (unless, of course, you tunnel ALL traffic of all clients through the VPN as well).
DNS through a VPN is only a partial solution though, right? Even if there's a recursive/caching resolver within the VPN (so _my_ direct DNS requests are private) any DNS requests outbound from the VPN go through global DNS.
But I guess it's the same problem for DNS-over-HTTPS currently.