The goal is to make it harder for ISPs to snoop on your web browsing. Existing protocols such as DNS-over-HTTPS (DoH) encrypt your browser's DNS queries in transit, but the resolver that answers them still sees both the query and who sent it. ODoH goes a step further and prevents the DNS resolver from also learning your web browsing.
Here's how it works: ODoH wraps an extra layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between for the internet user and the resolver that looks up the website they want to visit. Because the query is encrypted, the proxy can't see what's inside; at the same time it acts as a shield, so the DNS resolver sees only that a query arrived from the proxy and never learns who sent it to begin with.
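The split described above, as an added simulation that is not part of the original article or any ODoH implementation: a client, a proxy and a target resolver exchange one lookup, and each party records what it can observe. Real ODoH encrypts to the target's published HPKE public key; here a key the client is assumed to already hold and a SHA-256 keystream stand in for that, and the `Target`, `Proxy` and `resolve` names and the addresses are constructed for the example.

```python
import hashlib
import secrets

# Simplified model of the ODoH split: the proxy sees who asks, the target
# resolver sees what is asked, and neither sees both. The SHA-256 keystream
# below stands in for real HPKE encryption (assumption, not the real cipher).

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a SHA-256 keystream. Not HPKE/AEAD."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Target:
    """Oblivious target resolver: the only party holding the query key."""
    def __init__(self, zone):
        self.key = secrets.token_bytes(32)
        self.zone = zone      # constructed name -> address table
        self.seen = []        # (peer address, decrypted query) it observes
    def handle(self, peer_ip, nonce, ct):
        name = _stream_xor(self.key, nonce, ct).decode()
        self.seen.append((peer_ip, name))
        answer = self.zone.get(name, "NXDOMAIN").encode()
        rnonce = secrets.token_bytes(12)
        return rnonce, _stream_xor(self.key, rnonce, answer)

class Proxy:
    """Relays opaque blobs to the target; never holds the query key."""
    def __init__(self, ip, target):
        self.ip, self.target, self.seen = ip, target, []
    def forward(self, client_ip, nonce, ct):
        self.seen.append((client_ip, ct))    # learns source IP and ciphertext only
        return self.target.handle(self.ip, nonce, ct)   # target sees the proxy's IP

def resolve(client_ip, name, proxy, target_key):
    """Client side: encrypt the query to the target, send it through the proxy."""
    nonce = secrets.token_bytes(12)
    ct = _stream_xor(target_key, nonce, name.encode())
    rnonce, rct = proxy.forward(client_ip, nonce, ct)
    return _stream_xor(target_key, rnonce, rct).decode()

def demo():
    # One lookup; returns the answer plus what proxy and target each observed.
    target = Target({"example.com": "192.0.2.1"})       # constructed zone
    proxy = Proxy("198.51.100.9", target)
    answer = resolve("203.0.113.7", "example.com", proxy, target.key)
    return answer, proxy.seen, target.seen
```

Inspecting `proxy.seen` and `target.seen` after `demo()` shows the proxy holding only the client address and ciphertext, and the target holding only the proxy address and the plaintext name; joining the two views requires a single party operating both.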
To work properly, the proxy and the DNS resolver should never be run by the same company, since a single operator holding both views could pair who asked with what was asked. Instead, the idea is to have multiple companies run proxies so that a malicious entity can't hijack the proxy.