The scenario is that you want to resolve alice.example.com but you don't want the root servers or the .com servers to know any more information than they need to.
Historically you would send the whole query to all servers. Even the root servers would see the entire fully-qualified domain name (alice.example.com) even though all they're going to do is refer you to the .com servers. With QNAME minimization the root servers only know that you want something under .com and the .com servers only know you want something under .example.com and so on.
Now suppose the root servers don't do any kind of encryption but example.com supports DNSCurve or some other opportunistic encryption and so do you. Your ISP used to see the query going to the root servers or the .com servers and know the FQDN even if the query to example.com was encrypted. Now they don't.
Likewise, if someone is sitting on the root servers watching all the queries from everyone, they used to see FQDNs, now they only see top level domains.
I didn't have in mind that an ISP could have their own map of all zones where they simply map observed specific DNS traffic to the zones themselves because they know which server is responsible as well.
> Your ISP used to see the query going to the root servers or the .com servers and know the FQDN even if the query to example.com was encrypted. Now they don't.
In practice your recursive resolver either is your ISP (in which case this helps nothing) or is outside of your ISP (and your ISP can't see its queries). The only realistic privacy leaks that is addresses is leaking subdomains to the root servers and other delegating servers higher up the chain an their network operators.
The scenario is that you want to resolve alice.example.com but you don't want the root servers or the .com servers to know any more information than they need to.
Historically you would send the whole query to all servers. Even the root servers would see the entire fully-qualified domain name (alice.example.com) even though all they're going to do is refer you to the .com servers. With QNAME minimization the root servers only know that you want something under .com and the .com servers only know you want something under .example.com and so on.
Now suppose the root servers don't do any kind of encryption but example.com supports DNSCurve or some other opportunistic encryption and so do you. Your ISP used to see the query going to the root servers or the .com servers and know the FQDN even if the query to example.com was encrypted. Now they don't.
Likewise, if someone is sitting on the root servers watching all the queries from everyone, they used to see FQDNs, now they only see top level domains.