I don't care much for ad hominem, and can't understand why someone would be so incalcitrant about something as simple as a three string install invocation, producing a working, running instance of BIND, and then just a couple of configs like pointing your resolver to that daemon and placing something like search . on top in your /etc/resolve.conf because it really can be that simple to make such a huge difference in the autonomy that you'll enjoy - let alone safety.
This is simply what you do, or it was for decades, without even thinking twice. Why that tends to elude many folks completely escapes me - why wouldn't someone do this?
And Diane's suggestion of incorporating Dnsmasq is just a lighter weight version of that.
I simply do not find it plausible that a couple of sysadmins were unable to just whup it out in the course of yawning with half their brain tied behind their back.
These simple basics just aren't given adequate coverage in curriculum during this culture of containerization.
Heck, we've only been using DNS since 1985.
The question that the OP asked was about securing ones communications over public WiFi. It may not be what everyone should do (as one person dismissed), although it is indeed something that everyone should consider.
Here's a little litmus test:
The next time you (the proverbial you, no one in particular here) happen into a large, busy Starbucks, look around for that person, you'll see them. You're looking for someone who is inconspicuously conspicuous (maybe it's the blue mohawk; the safety pin through the nose; the anarchist laptop stickers; the pocket protector and Google glasses), and your spidey sense will tingle.
Now... Look at the room from their perspective...
Now tell me what you think you should be doing for your security :)
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.