There's a "catch" you (or your lawyer, if it gets that far) can use as at least a partial defense - When you visit a site - *ANY SITE AT ALL*, regardless of whether it's the pureset, cleanest, G-rated-est site on the planet, or a site that serves up honest-to-god torture-snuiff-pedo porn, or anything you can imagine in between, you have *ABSOLUTELY NO CONTROL WHATSOEVER* what that site might trigger a DNS lookup for. Go to a cooking/recipes website, and you might, without ever knowing it, request lookups for anything from google's "urchin" (their stats/tracking/counting infestationware) server, or an image-hosting site for the picture of the nice fresh loaf of bread that the page displays, any number of ad servers, perhaps a server that hosts the code that puts a stock ticker across the top of the page you want to look at, any number of servers that ticker looks at to find out what the price of Ford stock is, some other site for the music that plays when you open the page, or pretty much anything else that you can imagine someone putting on a web page.
In other words, just because there's a record of a DNS lookup for "www.we-rape-four-year-olds-before-torturing-them-to-death-live-on-your-screen.xxx" on your machine is *NO* indication whatsoever that you've ever seen so much as a single pixel from a single frame of a kiddy-snuff movie - Just by virtue of how the internet works, it could be that your machine did indeed look up the address of the "evil" server - because something on the page you *WANTED* to see loaded something from who-can-even-guess-where as part of loading itself onto your machine in response to your request. That something may be operating on the same server as the kiddy-snuff site. Or it may in turn be asking a third server for a piece of the original "
www.how-to-make-a-loaf-of-bread.com" page you wanted to see to begin with. And so on.
In short, it's not only possible, but *VERY* likely for your attempt to load "
www.makechilifordinnertonight.com" or "
www.paintmycar.net/prices" to spawn dozens, possibly hundreds, and in some extreme cases, maybe even THOUSANDS of DNS queries that you, the person sitting at the keyboard, have absolutely no idea about, have no clue they're happening at all, and since they produce *NO* detectable output on your screen, therefore you have no indication that such requests ever happened.
TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "
www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
www.youtube.com
www.youtube.com
