DNS works as Internet’s phone book that resolves human-readable web addresses. DNS queries and responses are sent in clear text (using UDP or TCP) without encryption. To enjoy full anonymity, users are still required to use a trusted secure VPN service in combination with DNS-over-TLS protocol. Google is reportedly adding “DNS over TLS” support to the Android Open Source Project (AOSP), currently at an experimental stage, to allow smartphone users to turn on or off DNS feature.
Source: https://thehackernews.com/2017/10/android-dns-over-tls.html