Ok, so the big selling point of CloudFlare’s DNS (besides being super fast) is that it keeps your ISP from tracking which sites you go to, because you’re not using their DNS servers.
I have some issues/questions about this, because I don’t totally buy into it.
All packets on the Internet have a destination and source IP address, and these are in the clear. They must be, so that all routers know where a packet is going and can properly route it.
Since your ISP is the first external node all your packets hit, they automatically know who you are (they assigned you that source IP address, after all) and where you are browsing (the destination IP address). So all they need to do is a reverse IP address lookup to get the domain name you’re accessing.
Even with encrypted DNS (DoH), while the domain name you are looking up is encrypted, the subsequent data packets your browser, email, app, etc. use to access that web site are still in the clear. As I said before, they MUST be in the clear to be properly routed.
So while CloudFlare flushes all DNS requests after 24 hours, and you can use DoH for your DNS lookups, I don’t see how this helps keep your ISP’s snooping eyes out of your browsing habits.
Did I miss something, or is this just all marketing hype?
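The inference the post describes (read the cleartext IP header, then reverse-look-up the destination address), as an added example that is not the poster's code: it builds a few constructed IPv4 packets whose payloads stand in for encrypted TLS records, parses the header the way any on-path router would, and maps each destination through a constructed PTR table standing in for what `dig -x` would return. The subscriber address, the destination addresses and the PTR names are all made-up documentation ranges, not real records.

```python
import struct
import ipaddress


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones'-complement sum of 16-bit words, complemented."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Wrap an opaque payload in a minimal 20-byte IPv4 header (no options).
    Constructed for this example; the checksum is filled in so the header is valid."""
    version_ihl = (4 << 4) | 5
    total_length = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         version_ihl, 0, total_length,
                         0x1234, 0x4000,          # identification, DF flag + fragment offset 0
                         64, proto, 0,            # TTL, protocol, checksum placeholder
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    checksum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + payload


def parse_ipv4_header(packet: bytes) -> dict:
    """Read the fields every router on the path can read without touching the payload."""
    if len(packet) < 20:
        raise ValueError("truncated packet")
    (version_ihl, _tos, total_length, _ident, _flags_frag, ttl, proto, _checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = version_ihl >> 4
    ihl = (version_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    # A valid header sums to zero once its own checksum field is included.
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "ttl": ttl,
        "payload_len": total_length - ihl,
    }


# Constructed reverse-DNS table standing in for real PTR lookups; not real records.
PTR_TABLE = {
    "203.0.113.10": "mail.example.net",
    "203.0.113.20": "www.example.org",
    "198.51.100.5": "edge-7.cdn.example",   # a shared CDN edge: many sites behind one PTR name
}


def what_the_isp_sees(packets, ptr_table):
    """For each packet, record the cleartext addresses and the reverse-lookup result."""
    seen = []
    for pkt in packets:
        hdr = parse_ipv4_header(pkt)
        seen.append((hdr["src"], hdr["dst"], ptr_table.get(hdr["dst"], "no PTR record")))
    return seen


SUBSCRIBER = "192.0.2.77"   # constructed: the address the ISP assigned to this customer

# Constructed payloads: a TLS application-data record header followed by opaque bytes.
SAMPLE_PACKETS = [
    build_ipv4_packet(SUBSCRIBER, "203.0.113.20", 6, b"\x17\x03\x03\x00\x20" + bytes(32)),
    build_ipv4_packet(SUBSCRIBER, "203.0.113.10", 6, b"\x17\x03\x03\x00\x10" + bytes(16)),
    build_ipv4_packet(SUBSCRIBER, "198.51.100.5", 6, b"\x17\x03\x03\x00\x40" + bytes(64)),
]

if __name__ == "__main__":
    for src, dst, name in what_the_isp_sees(SAMPLE_PACKETS, PTR_TABLE):
        print(f"{src} -> {dst}  reverse lookup: {name}")
```

The first two packets reproduce the post's scenario: the payload is opaque, but source and destination addresses parse cleanly and the PTR record names the host. The third packet shows the limit of that step as written: when the destination is a shared CDN edge, the reverse lookup returns the edge's name, not the name of the site behind it.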