I understand that point, to an extent. I mean, your TCP connection in the next step hits how many switches on the way? With which both your actual IP and therefore location could be determined. Trying to hide subnet from just a resolver seems...small in the grand scheme.
And if that's your goal, why not proxy your DNS requests? I'd surely have a VPN or at least DNS proxy if my threat model were that which you're trying to avoid.