Whenever you visit a website, even one served over SSL, the DNS query that converts the web address into an IP address is sent unencrypted.
DNS over HTTPS (DoH) encrypts that request so that it cannot be intercepted or hijacked to snoop on users or to swap the real destination for a malicious site.
The process works by having third-party resolvers answer the queries. Companies such as Cloudflare and NextDNS are part of Firefox's set-up and process its DoH queries. From the end of February 2020, Firefox will enable DoH by default for users in the United States.
In the UK, GCHQ has warned about plans to enable DoH by default in browsers, saying it could increase the risk of cyber-attacks and impede police investigations.
When enabled, DoH prevents your internet service provider from collecting and selling personal information drawn from your DNS lookups. However, only the DNS lookup itself is encrypted: ISPs can still see which IP addresses their users connect to.
Unless you live in the United States and use Firefox, DoH will not be turned on by default; however, it is currently available as an option in most popular browsers.
Even with DoH enabled, these browsers currently send encrypted queries only if the configured DNS server can handle them. If it cannot, they fall back to sending the requests unencrypted.