Centralised DNS Over HTTPS is bad for privacy in 2019 | PowerDNS Blog

Source: Centralised DoH is bad for privacy, in 2019 and beyond

also: DoH: (Anti-)Competitive and Network Neutrality aspects

DNS is one of four ways in which such meta-data gets transmitted in plaintext. … Because DoH does not encrypt anything that is not also present in plain text, there is nothing to remove from the list [of parties with access to your browsing activity]. Based on this, we can conclude that as it stands, using DoH to a browser-provisioned cloud provider effectively worsens your privacy position.

Additionally, that third party then gets a complete log per device of all DNS queries, in a way that can even be tracked across IP addresses.

Even if further privacy leaks are plugged, DoH to a third party remains at best a partial solution, one that should not be relied upon as a serious security layer, since it will be hard to plug everything, especially if non-CDN content providers survive.

Encrypting DNS is good, but if this could be done without involving additional parties, that would be better.