I realized recently that my VPN's DNS requests were transmitted to my ISP's DNS server (even though my HTTP and HTTPS requests were properly transmitted via the VPN).
I did some research and have a couple of questions about the level of detail that an ISP is able to record.
My question is specifically about DNS requests. I am aware that there are other questions on this and related forums about the details that ISPs can glean from the HTTP and HTTPS traffic.
In terms of privacy, there is a significant difference in an ISP recording a user's DNS request to:
and a request to:
There is a difference between an ISP recording:
My understanding is that DNS queries from users to an (ISP's) DNS server will show the host (https://www.google.com/) but not the specific search term or any part of a URL after the TLD (e.g. .com). Is this correct?
I am asking about both HTTP and HTTPS although I can't see that there would be a difference for DNS requests.
In other words, an ISP can record the sites the user visited (via their DNS look-up logs), but cannot record the search query the user made in the search engine or the specific page(s) of a site that a user visited. To do so, the ISP would have to record the URLs when the user directly accessed the website pages. Is this right?