TLS uses session tickets that can be tracked. If it is not already done, then GOS should introduce session ticket disablement or rotation on per-connection basis for DNS-over-TLS (system-wide) and DNS-over-HTTPS in Vanadium. Doing so would slightly reduce performance, but increase privacy. It should also help those using DoT with VPN with preventing out-of-tunnel session tickets being identical to in-tunnel session tickets.
DNSCrypt-Proxy is one program that allows disablement of such tickets and serves as an example that it can be done.