The DNS data is still not encrypted over the wire, and clients could use their own local resolver, which in turn uses the private resolver. This local resolver will most probably be designed with the assumption that DNS data is public.
Route53 private DNS is resolved over link-local addresses, so whether the responses are encrypted is irrelevant. They're specifically designed for private resolution within a VPC.
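As an added example (not part of any comment in this thread, and not AWS code): a small check that takes a resolv.conf-style nameserver list and reports which entries stay on the VPC-local resolver path and which would carry plaintext DNS somewhere else. It assumes the two Route 53 Resolver addresses AWS documents, the link-local 169.254.169.253 and the VPC base CIDR plus two, and treats anything else (including unparsable entries) as off-path. The sample file is constructed, and the function names are mine. It only parses resolv.conf syntax, so auditing a local caching resolver's own forwarder list would need a parser for that resolver's config format.

```python
import ipaddress

# Constructed sample input (not captured from any real instance): the kind of
# /etc/resolv.conf a stub resolver or a local caching resolver might be handed.
SAMPLE_RESOLV_CONF = """\
search ec2.internal
nameserver 169.254.169.253
nameserver 10.0.0.2
nameserver 8.8.8.8
nameserver not-an-address
options timeout:2 attempts:3
"""

# Route 53 Resolver listens on this link-local address in every VPC.
AMAZON_DNS_LINK_LOCAL = ipaddress.ip_address("169.254.169.253")


def vpc_resolver_address(vpc_cidr):
    """Route 53 Resolver also answers at the VPC's base CIDR plus two
    (10.0.0.2 for 10.0.0.0/16)."""
    net = ipaddress.IPv4Network(vpc_cidr, strict=True)
    return net.network_address + 2


def parse_nameservers(resolv_conf_text):
    """Return the nameserver values in file order, with comments stripped."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def audit_nameservers(resolv_conf_text, vpc_cidr):
    """Split configured nameservers into those that stay on the VPC-local
    resolver path and those that would send plaintext DNS elsewhere.

    Returns (vpc_local, off_path). Unparsable entries land in off_path,
    because an unknown destination cannot be assumed to be the hypervisor path.
    """
    allowed = {AMAZON_DNS_LINK_LOCAL, vpc_resolver_address(vpc_cidr)}
    vpc_local, off_path = [], []
    for server in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            off_path.append(server)
            continue
        (vpc_local if addr in allowed else off_path).append(server)
    return vpc_local, off_path


if __name__ == "__main__":
    ok, bad = audit_nameservers(SAMPLE_RESOLV_CONF, "10.0.0.0/16")
    print("VPC-local resolvers:", ok)   # ['169.254.169.253', '10.0.0.2']
    print("off-path resolvers: ", bad)  # ['8.8.8.8', 'not-an-address']
```

Run it with the instance's real VPC CIDR; a non-empty off-path list means some queries do leave the link-local path, which is exactly the case where the "it's just the hypervisor" argument stops applying.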
Link-local networking in a VPC is specifically designed to secure data that is plaintext at the application layer (DNS). It’s effectively communication with the hypervisor, not over some untrusted link.
If you don’t buy this, I guess you should start encrypting all your syscalls too?
If you believe a piece of link-local infrastructure is a good carrier to trust with your data, I have some great broken switches you may be interested in buying.
Or if you insist on it being a virtual stack, how about some DMA engines with transient errors that mix up your packet headers from their payloads?