Since the Snowden revelations, the DPRIVE (DNS Privacy Exchange) working group inside the IETF has been working on ways to make DNS, the Domain Name System, leak less privacy-related information (aka metadata).
Two new protocols from this working group are DNS-over-TLS (DoT, RFC 7858) and DNS-over-HTTPS (DoH, RFC 8484). Both protocols secure DNS queries between client systems and DNS resolvers using encryption and authentication. DoT runs on a dedicated port, 853, while DoH piggybacks on HTTPS (port 443).
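To make the difference concrete, the following added example (not code from the original article) builds one DNS query and wraps it both ways: with the two-octet length prefix DoT sends inside TLS on port 853, and as the base64url `dns` parameter of a DoH GET request. The function names are hypothetical, and the `/dns-query` path is an assumption taken from the RFC 8484 examples; each DoH server publishes its own URI template.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Encode a one-question DNS query (RFC 1035 wire format, RD bit set).

    msg_id defaults to 0, which RFC 8484 recommends so that identical
    queries produce identical, HTTP-cacheable requests.
    """
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    if len(qname) > 255:
        raise ValueError("name too long")
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def frame_dot(message: bytes) -> bytes:
    """DoT (RFC 7858): same framing as DNS over TCP, a 2-octet length prefix."""
    if len(message) > 0xFFFF:
        raise ValueError("message exceeds 65535 octets")
    return struct.pack("!H", len(message)) + message

def unframe_dot(stream: bytes) -> list:
    """Split decrypted DoT stream bytes back into individual DNS messages."""
    messages, pos = [], 0
    while pos < len(stream):
        if pos + 2 > len(stream):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from("!H", stream, pos)
        pos += 2
        if pos + length > len(stream):
            raise ValueError("truncated DNS message")
        messages.append(stream[pos:pos + length])
        pos += length
    return messages

def doh_get_path(message: bytes, path: str = "/dns-query") -> str:
    """DoH (RFC 8484) GET: message as unpadded base64url in the 'dns' variable.

    The default path is an assumption; use the resolver's published template.
    """
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{path}?dns={encoded}"

if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print("DoT frame :", frame_dot(query).hex())
    print("DoH GET   :", doh_get_path(query))
```

Once inside TLS, the DoT frame is still recognisable as DNS by its destination port, whereas the DoH request is an ordinary HTTPS request to port 443.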
While DoT was initially mostly ignored by OS vendors, ISPs and users alike, DoH was adopted by browser vendors (Mozilla/Firefox and Google/Chrome) and created heated discussions among security and privacy experts, even to the point that governments are discussing ways to outlaw DoH.