Interesting article on How To Geek.

Basically, there are three issues that come down to implementation choices.

1) The protection of DNS traffic; in this respect the only real difference between DoT and DoH is the use of different TCP/UDP ports.

2) How a client selects a DNS service.

3) The default out-of-the-box behaviour and the extent to which it can be overridden.
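
To illustrate point 1), here is a small added example (not code from the article or from any vendor): it builds one DNS query in wire format and wraps the very same bytes the way DoT (TLS on TCP port 853, RFC 7858 length-prefixed framing) and DoH (an HTTPS POST to /dns-query on TCP port 443, RFC 8484) would carry it, which is why a firewall can spot DoT by port while DoH blends into ordinary HTTPS. The resolver hostname is a placeholder.

```python
import struct

# Constructed placeholder values for the example; not taken from the article.
DOH_HOST = "doh.example.net"   # hypothetical resolver name
DOH_PATH = "/dns-query"        # the well-known DoH path from RFC 8484

def build_dns_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS wire-format query (RFC 1035): header + one question.
    qtype 1 = A record; flags 0x0100 set RD so a recursive resolver answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # qclass 1 = IN

def frame_for_dot(msg: bytes) -> bytes:
    """DoT (RFC 7858) sends the message inside TLS on TCP port 853 using the
    plain DNS-over-TCP framing: a two-byte big-endian length prefix."""
    return struct.pack("!H", len(msg)) + msg

def frame_for_doh(msg: bytes, host: str = DOH_HOST, path: str = DOH_PATH) -> bytes:
    """DoH (RFC 8484) sends the identical message as the body of an HTTPS POST
    to the resolver's /dns-query endpoint on TCP port 443."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/dns-message\r\n"
            "Accept: application/dns-message\r\n"
            f"Content-Length: {len(msg)}\r\n\r\n").encode("ascii")
    return head + msg

def dns_payload(framed: bytes, transport: str) -> bytes:
    """Recover the DNS message from either framing so the two can be compared."""
    if transport == "dot":
        (n,) = struct.unpack("!H", framed[:2])
        return framed[2:2 + n]
    body_at = framed.index(b"\r\n\r\n") + 4
    return framed[body_at:]

# What a network monitor sees on the wire before TLS: only the port differs.
TRANSPORT_PORTS = {"dot": 853, "doh": 443}

if __name__ == "__main__":
    q = build_dns_query("www.example.com")
    same = dns_payload(frame_for_dot(q), "dot") == dns_payload(frame_for_doh(q), "doh") == q
    for t, port in TRANSPORT_PORTS.items():
        print(f"{t}: TCP/{port}, {len(q)}-byte DNS message, identical payload: {same}")
```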

These last two are in the hands of the developer and, I think, aren't specified in the RFC.

Mozilla have decided that Firefox will default to using the Cloudflare DoH service and thus bypass host system DNS settings; the user has to actively either change the default DoH server (which can still bypass host system DNS settings) or disable DoH (and use host system DNS).

Google with Chrome are saying that they will use the host system's DNS server, using either DNS or DoH depending on what that DNS server supports.

Microsoft are saying they will implement DoH at the OS level, i.e. the Windows network client will natively support communications over DNS or DoH depending on the DNS server configuration. I assume there will be some security protocol/procedure that will enable a client system to negotiate an appropriate level of communication security (I wonder if the MS solution will also include DNSSEC).

