That depends on the viewpoint. Looking at DNS as the distributed network service that it was designed to be, the main thing wrong with DoH is that it doesn't allow for caching name lookups at a local LAN gateway. Even on the local machine, the DoH lookup cache is only accessible to Firefox and not useful to any other apps. Forcing all name lookups through a bottleneck at Cloudflare is not the answer.

I am very much an advocate of DNS privacy through encryption, but DoH, particularly when implemented in an app, is a half measure at best. We need DNS over TLS implemented in the OS resolver and allowing for a caching DNS server at the LAN gateway that uses DNS over TLS for all forwarding. Firefox, and all other client apps, should keep their hands off. Rather than implementing their own internal DNS client, why doesn't Mozilla contribute to getting DNS over TLS implemented in glibc? DoH is really counter to the distributive nature of DNS.
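The gateway design the comment argues for, as an added example that is not part of the original post: an Unbound configuration for a LAN caching resolver that answers every host on the network from one shared cache and forwards all cache misses over DNS over TLS. The LAN interface and subnet, the upstream address, its TLS authentication name and the CA bundle path are assumed placeholders to be replaced for a real deployment.

```conf
server:
    # Listen only on the LAN side of the gateway (placeholder address/subnet)
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # One cache shared by every client on the LAN, unlike a per-app DoH cache
    cache-max-ttl: 86400
    prefetch: yes

    # CA bundle used to verify the upstream's certificate (path on Debian-based systems)
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    # Forward every name (the root zone) that is not already cached
    name: "."
    # Use DNS over TLS (port 853) for all forwarding; the name after '#'
    # is the hostname the upstream's certificate must match
    forward-tls-upstream: yes
    forward-addr: 203.0.113.53@853#dot.example.net
```

Clients on the LAN then point their ordinary stub resolver at 192.168.1.1 and get encrypted upstream resolution without any per-application DNS client.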

