Connecting with https prevents any DNS poisoning, unless the ISP managed to get a fraudulently issued certificate or a MITM root CA installed on the end users' devices. Neither seem likely.