[__turbobrew__]

DNS queries are still leaked (from most users) regardless of end-to-end TLS. There is of course DNSSEC and DNS over HTTPS, but those are not used by the majority.

Another use case you missed is downloading/uploading pirated/copywrited content. Good VPNs receive DMCA notices and throw them in the garbage.

You are right that VPNs are not useful for many use cases and they can give users a false sense of security.

[easrng]

DNSSEC doesn't help privacy, it helps security.

[tptacek]

You mean it helps record integrity. The "security" story with DNSSEC is much more of a mixed bag than that; there's a reason it's very rarely deployed in the industry.

You're definitely right to point out that DoH helps with the VPN DNS privacy problem and DNSSEC doesn't.

[__turbobrew__]

Yes you are right. I meant DNSCRYPT.