In article <804699748.1254612.1570037049931.JavaMail.zimbra@baylink.com> you write:
>Tools. Are. Neutral.
>
>Any solution to a problem that involves outlawing or breaking tools will.
>Not. Solve. Your. Problem.
I think in the outside world you'll find very little support for an argument
that filtering DNS is fundamentally broken.
Sure, you can do it in broken ways, but it's going to be really hard
to persuade anyone that their lives are better if they have unfiltered
access to the malware links in their spam.
+1 that DNS tricks serve a real netops / secops purpose.
Also, Google and its paid friends Firefox and Cloudflare, while offering service to the public, are not contractually liable to provide any meaningful SLA to subscribers of DoH or DoT. Customer service at 8.8.8.8 is what?
That said, it is the ISP that takes the call $ when these “free” services go down. And, Google and Cloudflare have gone down at large scale in recent memory. That's all fine and dandy today for 1.1.1.1 and 8.8.8.8, since you need to dig pretty deep in your network config to set it. The blast radius is global for this type of default DNS. I know FF has said they want DoH to be default, but Google have simply said “we’ll see” — which is a cause for concern.
Finally, whenever it is free, YOU are the PRODUCT.