The Domain Name System (DNS) exists because we couldn’t possibly remember the IPv4 addresses of the websites we visit, not to mention their IPv6 addresses. The protocol was built for speed, and security was sacrificed in exchange: DNS is entirely unencrypted and susceptible to all sorts of attacks, such as man-in-the-middle (MITM) attacks and spoofing. DNSCrypt and DNS over HTTPS were created to solve this security issue; however, they can’t be used without custom client software.
Furthermore, by default you’re using a DNS server managed by your ISP, which might censor results and almost certainly logs your queries, so it’s recommended that you change your DNS server.
DNSCrypt was created to solve the security issue of DNS. The DNSCrypt project is entirely open-source and the protocol specification is publicly available. However, in order to use DNSCrypt you need custom client software.
OpenNIC is an open and democratic alternative DNS root, which also resolves custom TLDs like .bit, .lib, .coin, .chan, .libre, .o, .pirate, .geek, and many more.
If you want to benefit from the security of DNS over HTTPS (DoH), you can set up custom client software, like the doh-proxy by Facebook.
Google Public DNS permanently logs your ISP and location information for analysis. Additionally, your IP address is stored for 24 hours. Furthermore, Google is a US-based company.