
So, I’d like to talk about DNS over HTTPS (DoH) here and give my views on the topic. It has been making some news recently because Mozilla has added the ability to use it in their Firefox browser and Google is implementing it as well. As a result, Comcast has recently been trying to fight this, claiming that their objection is the centralization of DNS to a few providers. This is a valid argument; however, it being made by Comcast soils the argument a bit in my opinion. Comcast is fairly well known for terrible service and an overall bad reputation for how they treat their customers. So it is no surprise that many believe they are fighting it because widespread adoption would prevent them from being able to keep tabs on the sites their customers visit.
As I said before, it is a valid point to want to avoid centralizing all your DNS queries with Google or even Cloudflare. If you believe in a decentralized internet instead of continuing to feed the powerful internet giants more of your data, then DoH may be something you want to avoid for now. The problem in this relationship is trust. You’re giving the DNS provider a record of all the sites you visit. Traditionally, that was usually a DNS server run by your ISP, so many different DNS servers existed and were queried. If the big-name browsers all start pointing to a couple of DoH resolvers, then those couple of DNS providers are going to get a lot of data on a lot of people they normally would have quite limited access to.
All that being said, DoH isn’t a bad thing technically speaking. If you trust the DNS provider with that data, then it helps you hide which sites you are looking up from anyone between you and the internet (your ISP, for example), because the queries travel inside an ordinary HTTPS connection to the resolver instead of in clear text on port 53. Since many ISPs recently lobbied to allow themselves to collect and sell data about their customers (read Comcast again), DoH could prevent them from doing just that. It lets you pick whom to trust with that data instead of depending on your ISP to do the right thing, and since you have far fewer choices in an ISP, this could be a very good thing. The problem right now is the limited number of DNS providers that support DoH. The well-known ones right now are Cloudflare and Google of course, but I’m sure there are other players in the game. Ideally, it would be nice if DoH became a standard transport for DNS servers. Then you could run your own recursive DNS resolver that speaks DoH and not have to trust any third party at all. Of course that isn’t the case today.
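To make that mechanism concrete, here is an added Python example (not code from the original post) that builds a plain DNS query in the wire format that crosses port 53 in clear text, shows what an on-path observer such as your ISP can read from it, and wraps the identical bytes into the RFC 8484 DoH GET form that only the chosen resolver sees inside TLS. The resolver hostname doh.example is a placeholder, not a real service.

```python
import base64
import struct


def build_query(name: str, txid: int = 0) -> bytes:
    """Constructed DNS A-record query in RFC 1035 wire format.

    This is the exact byte string a classic resolver receives over UDP/53.
    txid defaults to 0 because RFC 8484 recommends that for DoH GET so
    identical queries produce identical, cacheable URLs.
    """
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    # QTYPE=1 (A), QCLASS=1 (IN)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def queried_name(packet: bytes) -> str:
    """What anyone on the path reads straight out of a plaintext DNS packet."""
    labels, pos = [], 12  # question section starts right after the 12-byte header
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)


def doh_get_url(resolver: str, packet: bytes) -> str:
    """RFC 8484 GET form: the same wire packet, base64url without padding,
    carried in the 'dns' query parameter of an HTTPS request.

    The ISP sees a TLS connection to `resolver`; the name being looked up
    is inside the encrypted request, so it is no longer readable on the path.
    """
    b64 = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"https://{resolver}/dns-query?dns={b64}"


def doh_wire_from_url(url: str) -> bytes:
    """What the resolver does with the URL: restore padding and decode the packet."""
    b64 = url.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


if __name__ == "__main__":
    pkt = build_query("example.com")
    print("on-path observer sees:", queried_name(pkt))   # example.com
    url = doh_get_url("doh.example", pkt)                  # placeholder resolver
    print("resolver recovers:", queried_name(doh_wire_from_url(url)))
```

The packet and the decoded URL payload are byte-identical, which is the whole point: DoH changes who can read the query, not what is asked.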
So to summarize, DoH isn’t itself bad, but because of the limited number of providers, and some would argue the current choice of providers, it may be something you want to avoid for now. If you aren’t currently willing to set your DNS settings to Google, then you probably don’t want to use them for DoH either. The same goes for Cloudflare. That doesn’t mean adopting the technology is bad; it is just a question of where you place your trust.