DNS – what does it have to do with my privacy?

DNS is “domain name service”. Every time you look for, click on, or connect to something like cnn.com, foxnews.com, irs.gov, or umass.edu, your application (maybe your Firefox or Chrome browser) and your computer’s software ask “the internet address book”, a “DNS server”, for the actual IP address that your network software needs to make the connection. If its operator wishes, that DNS server can record your IP address, how often you visit, and at what time of day or night. A profit-minded operator of network services can make money by selling that information, particularly if they already know who you are; for example, if you registered to use Starbucks WiFi, or Verizon FIOS, or Xfinity Internet.

What can you do about it? It turns out you can select which DNS service to use! https://1.1.1.1/ is one service that promises NOT to track you. Now it is true you have to trust them, just as when you use a VPN to avoid being watched by an untrustworthy public WiFi provider, everything you do is being watched by your VPN provider instead. [Hint: don’t trust the cheap and sketchy VPN provider based out of unfriendly countries.] The service at 1.1.1.1 is promising not to sell your information, but realistically if a law enforcement entity with a court order appears at their doorstep, they will have to comply with such obligations.

———-update 2019-01-23————

Many vulnerabilities in DNS remain exposed on the public internet, and this warning from DHS is a reminder to stay vigilant:

https://fcw.com/articles/2019/01/22/cisa-dns-hack-johnson.aspx  which has a link to the letter from Christopher Krebs warning about DNS attacks.

Christopher C. Krebs is Director, Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
The Department of Homeland Security issued an emergency directive Jan. 22 to nearly all federal agencies mandating cybersecurity actions to mitigate a global Domain Name System infrastructure hijacking campaign.

One thought on “DNS – what does it have to do with my privacy?”

  1. Even if you choose to use a DNS service that is not part of your internet service, the query itself is visible to your service provider and thus can be tracked. A bit of progress seems to be glimmering in Google’s service that encrypts access to their servers at 8.8.8.8 https://thehackernews.com/2019/01/google-dns-over-tls-security.html . Ironically this does not protect you against Google having access to all your DNS activities. From the article: “Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks.” Even if you use a VPN (virtual private network) you can test for DNS leaks as described in https://protonvpn.com/support/dns-leaks-privacy/ and at https://www.dnsleaktest.com/ .
