> Admittedly, you reveal this initially only to your ISP, but your ISP is likely to be the principal culprit in pervasive monitoring.

True; but you don't *have* to use your ISP's DNS services.

Now whether you'd trust Google or OpenDNS with their handling of your query history is another thing again. So this requires some privacy-conscious DNS services to spring up - which you either pay to use, or somehow trust their public-spirited efforts.

If you're going to go that route, arguably you could just use something like IPsec or (D)TLS to protect that traffic. But in the real world, people are behind NAT and on dynamic IP addresses, so maybe it makes sense to do this as a DNS extension.
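As an added illustration of the "(D)TLS to protect that traffic" option (example code written for this page, not from the poster or any project), here is a minimal DNS-over-TLS client in Python using only the standard library: it encodes a query in DNS wire format, sends it with the 2-byte length prefix that DNS over TCP/TLS uses, verifies the resolver's certificate against the hostname, and parses the A records out of the reply. The resolver address is a hypothetical placeholder; the response bytes at the bottom are constructed so the parser can be exercised offline.

```python
import socket
import ssl
import struct

# Added example: DNS-over-TLS client pieces. Assumes Python 3 stdlib only; the
# resolver name passed to resolve_over_tls() is a placeholder chosen by the caller.


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a recursive DNS query (RFC 1035 wire format) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def _read_name(msg: bytes, offset: int):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_a_records(msg: bytes, expected_txid: int):
    """Return IPv4 addresses from the answer section; reject id mismatch or error RCODE."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):  # skip the echoed question section
        _, offset = _read_name(msg, offset)
        offset += 4
    addrs = []
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def resolve_over_tls(name: str, resolver_host: str, resolver_port: int = 853,
                     txid: int = 0x1234):
    """Query `resolver_host` over TLS (RFC 7858: TCP framing with a 2-byte length
    prefix, port 853). create_default_context() verifies the certificate chain and
    checks it against resolver_host, so the ISP only sees an opaque TLS session."""
    ctx = ssl.create_default_context()
    query = build_query(name, txid=txid)
    with socket.create_connection((resolver_host, resolver_port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_host) as tls:
            tls.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            return parse_a_records(_recv_exact(tls, length), txid)


# Constructed reply (not captured traffic) so the parser can be tested offline:
# answer for example.com -> 192.0.2.1, with the answer name compressed to offset 12.
SAMPLE_RESPONSE = (
    build_query("example.com", txid=0x1234)[:2]       # same transaction id
    + b"\x81\x80" + struct.pack("!HHHH", 1, 1, 0, 0)  # QR=1 RD RA; 1 question, 1 answer
    + build_query("example.com", txid=0x1234)[12:]    # echoed question section
    + b"\xc0\x0c"                                      # pointer to the question name
    + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))
    # resolve_over_tls("example.com", "dot-resolver.example")  # needs a real DoT resolver
```

This protects the query from an on-path observer, but, as the post notes, it only moves the trust question: the operator of the DoT resolver still sees the full query history, and the TLS handshake itself still reveals to the ISP which resolver is being contacted.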

