It appears that Michael Thomas <mike@mtcc.com> said:
If you're one of the small minority of retail users that knows enough about the technology to pick your own resolver, go ahead. But it's a reasonable default to keep malware out of Grandma's iPad.
How does this line up with DoH? Aren't they using hardwired resolver addresses? I would hope they are not doing anything heroic.
Generally, no. I believe that Chrome probes whatever resolver is configured into the system and uses that if it does DoH or DoT. At one point Firefox was going to send everything to their favorite DoH resolver but they got a great deal of pushback from people who pointed out that they had policies on their networks and they'd have to ban Firefox. Firefox responded with a lame hack where you can tell your cache to respond to some name and if so Firefox will use your resolver.

R's,
John