With unencrypted DNS it’s dead easy to redirect to your own resolver. In fact, if you’re trying to enforce DoT or DoH on your LAN it can be good practice to do this to ensure that rogue applications aren’t bypassing your resolver.
I don’t think ISPs really do this though currently.
Fun unrelated backstory: I found a website that resolves DNS records using 1.1.1.1 over DoH in JavaScript. I had to flat out block connections to 1.1.1.1.
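The setup described in the comment above, sketched as an nftables ruleset. This is an added example, not part of the original post. It assumes the router runs nftables, that the LAN interface is named `lan0` (a hypothetical name), and that the local resolver listens on the router itself on port 53.

```nftables
# Added example. Assumptions: LAN interface "lan0" (hypothetical name),
# local resolver running on this router, port 53.
# IPv4 only; an equivalent "ip6" table is needed if the LAN has IPv6.
table ip dns_enforce {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Plaintext DNS from LAN clients, whatever resolver it is addressed
        # to, is redirected to the resolver on this router.
        iifname "lan0" udp dport 53 redirect to :53
        iifname "lan0" tcp dport 53 redirect to :53
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Clients may not open their own DoT sessions to outside resolvers.
        # The router's own upstream DoT/DoH traffic uses the output hook,
        # so it is not affected by this chain.
        iifname "lan0" tcp dport 853 reject with tcp reset

        # DoH is ordinary HTTPS and cannot be redirected like port 53, so
        # a known endpoint has to be blocked by address. 1.1.1.1 is the one
        # named in the comment; other DoH endpoints are not covered here.
        iifname "lan0" ip daddr 1.1.1.1 tcp dport 443 reject with tcp reset
        iifname "lan0" ip daddr 1.1.1.1 udp dport 443 reject
    }
}
```

Packet counters on the redirect and reject rules (add `counter` before the verdict) show which clients are still trying to reach an outside resolver.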