by bbabaraba 1954 days ago
Hello my friend

List of public DoH Servers: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Serv...

Simple guide for DoH over Tor: https://github.com/piskyscan/dns_over_tls_over_tor

I don't consider 10+ public, free DoH servers as "quite limited".

1 comments

You might not consider that "quite limited", but that is likely because of a different interpretation of "private DNS".

Private communication is something that only the two (or more) parties communicating are privy to.

With HTTPS, the risk is reduced to CA compromise. With DoH, the risk is the company running the service on top of the CA compromise.

The parties communicating are the root/TLD name servers and me. Private DNS is DNS where nobody sees any of my DNS traffic, except for the root resolvers (which thus become the target of a potential privacy breach).

Any intermediary means that they can see your data, but if they are centralized in only a few places, it's a bit beside the point. But then again, if they are so small that only a handful of people use them, your traffic will be simple to filter out.

Finally, how do I set up my system to use any of these half-solutions for all DNS requests today?

I'd still prefer a DNS-over-Tor solution if anyone came up with it.