> My idea is designed to protect the exit node against a DNS attack from the
> owner of the DNS server. Not from the ISP or an attacker monitoring the
> traffic going in and out of the ISP data center.
So in this threat model you trust your ISP but not your DNS provider? Why not just use the ISP's DNS then? Combine it with a local caching resolver and call it a day.
I don't really see a compelling use-case for just inserting DNS noise and not following up with IP noise.
I'm interested in things like Google's DNS-over-HTTPS implementation:
https://developers.google.com/speed/public-dns/docs/dns-over-https. It encrypts DNS traffic on the wire. There are already some fairly good client-side implementations. However, we need other providers to put up DNS-over-HTTPS endpoints, since no one wants to trust Google.