It doesn't have to be to their servers - they can just dump all data going anywhere on udp/53 from one of their routers. DNS isn't encrypted, anyone between you and whatever server you're using can see everything.