 nostr:npub1jvrgz7wf9fwftcqppnpyjplltlkcuwghc0pqf9wv3x8ds5zq5t4qmh8tkt I don't think so. This is just to establish a secure TLS connection.

The public key being intercepted in the unencrypted DNS response is not a concern since it's not meant to be a secret.

Now if one is using plain DNS, all the benefits of ECH are nullified: the adversary can just watch DNS traffic, instead of client hello messages, to figure out where the user is going.