Privacy advocates may be in for a little reward from Android. New commits to the Android Open Source Project indicate that DNS over TLS may be coming to Android Oreo as early as version 8.1. Instead of sending domain names and IP addresses in plain text, traffic to and from DNS servers will be encrypted similarly to HTTPS traffic.
Any data sent back and forth from domain name servers with TLS enabled is unreadable by internet service providers, preventing easy tracking of users’ browsing habits. However, simply switching to DNS over TLS does not protect your data completely. The operator of a DNS server can still log queries and potentially attribute them to specific users.
Service providers may no longer be able to read DNS requests and responses, but they can still determine which remote servers are being used via Server Name Indication. A TLS handshake with the domain name server has to take place before it can be used, so an ISP can still observe that handshake and associate it with you.
If it is privacy you are interested in, using a trusted VPN service is still more effective at protecting your browsing. Combining DNS over TLS with a VPN is also a safe option, but it may not provide any additional protection.