You are right that DNS encryption doesn’t hide the IP from the destination website and that’s a limitation by design. If the goal is full anonymity, then yes, a VPN or Tor is the way to go.
But I’d push back on the “futility” part. For me (and probably a lot of home users), encrypted DNS solves a different problem:
ISP Snooping & Profiling: Without DNS encryption, my ISP gets a complete log of every hostname I query. That’s valuable metadata even if the actual traffic is HTTPS. Encrypted DNS cuts them out of the loop.
Censorship & Filtering: Many ISPs or countries block sites by poisoning or hijacking DNS. DoT/DoH3 bypasses that without needing to route all traffic through a third party.
Performance & Control: Local caching with AdGuard means faster load times, plus I can filter ads, trackers, and telemetry at the DNS layer, something a VPN alone won’t do.
Reduced Trust Surface: With a VPN, I’m moving all trust to the VPN provider (and hoping they’re honest about logs). With encrypted DNS, I can split that trust between my own AdGuard instance and NextDNS, instead of funneling everything through a single exit point.
So in my view:
VPN = anonymity & hiding your IP
Encrypted DNS = privacy from intermediaries & control over resolution
They solve related but different problems. For “serious” privacy, I agree a VPN or Tor is needed. But for everyday use, encrypted DNS is a huge step up from plain-text queries and actually improves performance.
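The "ISP Snooping & Profiling" point above, as an added example that is not part of either commenter's post: a plain DNS query carries the hostname in cleartext, so anything on the path to the resolver can log it, while a TLS-wrapped payload yields nothing. The function names, hostnames and byte strings are constructed for illustration, and the "encrypted" sample is filler behind a TLS application-data record header, not real DoT traffic.

```python
import struct
from typing import List, Optional

def build_query(hostname: str, txid: int = 0x1234) -> bytes:
    """Plain DNS A query in RFC 1035 wire format, as sent over UDP port 53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in hostname.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def observed_name(payload: bytes) -> Optional[str]:
    """Hostname an on-path observer reads from a payload, or None if it
    does not parse as a single-question DNS query."""
    if len(payload) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means response
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name
            # QTYPE and QCLASS (4 bytes) must follow
            return ".".join(labels) if pos + 4 <= len(payload) else None
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None

def resolver_path_log(payloads: List[bytes]) -> List[str]:
    """Names recoverable from a sequence of captured payloads."""
    return [n for n in map(observed_name, payloads) if n is not None]

# Constructed sample traffic (not from the thread).
PLAIN = [build_query("example.com"), build_query("mail.example.org")]
# Stand-in for DoT: a TLS 1.2-style application-data record header followed by
# constructed filler where ciphertext would be.
ENCRYPTED = [bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32))]

if __name__ == "__main__":
    print("plain DNS :", resolver_path_log(PLAIN))
    print("encrypted :", resolver_path_log(ENCRYPTED))
```

In both cases the destination IP of the later connection is still visible on the wire, which is the limitation the thread agrees on.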
jqpabc123•59m ago
In other words, encrypting DNS is an exercise in futility if the resulting IP is fully exposed.
Anyone who cares is fully capable of doing a reverse lookup if they must know the name of the domain you're connecting to.
The easy, all-encompassing approach for the casual user --- just use a VPN as needed.
A decent VPN will encrypt DNS requests and route them through their servers --- thus obscuring all your "sensitive" network traffic.
https://whoismydns.com/
voioo•18m ago