You can get a lot of metadata from DNS lookups.

Traditional DNS is just simple UDP. There is no authentication of authority.
There are actually DNS attacks where - if you are intercepting the traffic - you can reply faster than the actual DNS. At which point the client will trust whatever you return as it arrived first.
Indeed, that’s how multiple DNS addresses work. Your computer will yeet a request to all configured DNS. First response gets used.

Also, as it’s unencrypted, anyone that can snoop the traffic can see what domain names you are requesting.

There are a few standards that are working to solve this including DoH (DNS over HTTPS) and DoT (DNS over TLS).

DNS gives your PC all the info on how to contact Domain Names like reddit.com or phtn.app. Your PC does that a lot and all the time. This connection is normally not verified or checked or encrypted. If you didn’t touch your DNS configuration you probably use your provider’s DNS server. So they know which services you use, which OS, where and when you go to which pages, and because there is no encryption anyone else may know or even change that, too. Instead of sending you directly to reddit.com a malicious entity might want to send you to another server first to do bad stuff. This is what makes it not secure.

You can see a DNS server as a phone book for your computer. Your computer needs to seek a connection to an ip address to display a website for example. But you as a user only knows the url of the website. So your computers asks the dns server which ip address it should go to.