Private DNS is a new feature in Android P that lets you globally override the DNS settings received from your carrier, hotspot provider, etc. This means that the carrier’s or provider’s DNS servers will not be able to log your browsing habits.
It all started with this blog mentioning HTTPS MITM possibilities. Quote:
Do you really believe you have end to end secure connection with your bank when you access your account from the office? Think again.
This got me into some research, especially after an announcement from CloudFlare came out a few days later. Here are the results: there are at least two scenarios for TMITM (Trusted Man In The Middle) HTTPS interception.