[shabble]

> Unlike AdNauseam, Google can't do much to get in the way of Pi-Hole. This isn't within its ecosystem

Is there any reason they couldn't start ignoring system DNS resolvers for "key properties" in favour of using DNS over HTTPS to themselves "for your comfort and safety"? And use pinned keys for those DoH resolvers to stop you MitMing it.

You could maybe still transparently proxy things or firewall specific hosts, but that's a lot less straightforward and higher risk of collateral blockage.