The newest Chrome (the Windows build, at least) supports DNS over HTTPS so that, should you want it, even your ISP can no longer know exactly what you’re looking up (they can make a good guess if you’re not using a VPN, but that’s another story).
Type chrome://flags/#dns-over-https in the address bar or maybe click it (will depend on whether that works at publication time). Choose enabled. Relaunch.
It works as of Version 81.0.4044.138 (Official Build) (64-bit) on Windows and supposedly has been working since May 20th, which coincidentally I have been too. Will see if this works in Android in the morning.
Your DNS server will need to support DNS over HTTPS. If you’re using your ISP’s DNS server, it might support it and offer you a little more protection; however, I’d suggest using a third party such as Cloudflare’s free DNS.
220.127.116.11 supports it, should you wish to trust them (many don’t, but you know, why would you trust ANY DNS server you don’t run in the first place?). You can plug 18.104.22.168 and 22.214.171.124 in as DNS and secondary DNS while leaving the rest of your IPv4 settings on DHCP.
Encrypting DNS requests makes them more difficult to sniff at a coffee shop or from a compromised IoT device, and generally gets you around a bunch of consumer-level routers designed to see if you’re visiting job or porn sites.
But in most cases it’s a middle finger to your ISP data-mining you and selling that info while overcharging you for internet service.
You can check afterward whether your DNS server supports DNS over HTTPS by heading to Cloudflare’s browsing experience security check page. [Via FC]