Problem:
"The DNS is one of the most significant leaks of data about an individuals activity on the Internet...Note that even when using a VPN some VPNs will still leak your DNS queries by sending them unencrypted to your ISP." http://dnsprivacy.org/the_problem/
Solution:
"DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks." DNS over TLS - Wikipedia
Stubby (DNS Privacy Daemon):
"'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy." http://dnsprivacy.org/dns_privacy_daemon_-_stubby/
More info: