Since it is the task of the router to route DNS requests and send you to the right address; your Internet service provider can see every page you surf to.
Well they have to, because you want to get to bjoernvold.com
This makes the ISP's some kind of semi God's and it is not always clear if the people working there are sensibilized regarding this responsibility and implications.
Yes but I use DNSCrypt you say?
Well that won't help because the the ISP needs to route the IP address.
If you wanted to visit bjoernvold.com, your computer would first make a DNS query to your DNS resolver asking "what is the IP address for bjoernvold.com". Once it gets the response, your computer would then send a packet to that IP address. Your ISP would then read that IP address and route it to its destination. So an ISP needs to know every site you visit, because it's the only way it can get you there.
So is there a way to have some privacy from the ISP?
Yes! If you add a VPN to the equation then your ISP will be "blind". The DNS traffic will not reveal anything and the ISP will only see that you connected to the VPN but not where you go from there.
You can use https://www.hidemyass.com/ as your VPN or another VPN service. In some routers you can activate hidemyass as a VPN tunnel.
The same thing goes for Tor - your traffic will not be visible to the ISP; They will only see the Tor entry node.
Without DNSCrypt your traffic could still be registered by your ISP - but not with it.
So the router is designed for the ISP to get you to the right address - therefore the ISP will always know the first address you visit - but after that it is still possible to hide your traffic.
