Power DNS has a ha proxy/load balancer that does dns over https.  That way you're not limited to google's and cloudflare's dns servers which exist to drive advertising to you and give a single shource for tracking.

dns over https:  feh

On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <jra@baylink.com> wrote:
----- Original Message -----
> From: "John Levine" <johnl@iecc.com>

> In article <804699748.1254612.1570037049931.JavaMail.zimbra@baylink.com> you
> write:
>>Tools. Are. Neutral.
>>
>>Any solution to a problem that involves outlawing or breaking tools will.
>>Not. Solve. Your. Problem.
>
> I think in the outside world you'll find very little support for an argument
> that filtering DNS is fundamentally broken.
>
> Sure, you can do it in broken ways, but it's going to be really hard
> to persuade anyone that their lives are better if they have unfiltered
> access to the malware links in their spam.

I expect I would.

But this is not "filtering DNS".  It's "making a bodge-handed attempt to
REPLACE DNS (well, proxy it) for only one application/layer".

My problem isn't what they're using it for; it's that they've implemented
it so poorly.

I live down here in the trenches, John, where "it doesn't work" is the calibre
of problem reports I get.  When my tools say that "yes, it does", *I'm* the one
who takes it in the nads because Mozilla had a Better Fuckin' Idea.

That it will likely cause lots of 50,000ft problems to is just a cherry on the
top.

Cheers,
-- jra

--
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274


--
--Curtis