grepfru_it 3 days ago

For those wanting a bit of privacy, you can run your own DOH server[0]. Be aware that the upstream requests can still be tracked, but additional safety steps can be taken such as hosting your own DNS resolver (BIND/PowerDNS), sending DNS/DOH queries over a VPN or Tor connection, or spanning queries over multiple sources. Each has its own security and privacy implications, which are beyond the scope of this comment :)

[0] https://github.com/DNSCrypt/doh-server

mrweasel 3 days ago

Running your own DOH server comes with its own set of risks, depending on your adversary. If you're the only person using a DOH server, then any requests that server makes must belong to you. I'd argue that it's better to use a public server and hide in between the other users.

cortesoft 2 days ago

My main issue with DOH is failing to honor my internal DNS overrides to provide local addresses for services on my local network (externally the DNS entries point to the external address, but internally the LAN address). It is so annoying fighting against DOH for this.