by iampims 2940 days ago
I applaud the efforts to increase privacy, reduce data collection and harden security. Do we really want a SPOF in Cloudflare for this though? A single outage (or AT&T snafu) and many millions of users would be affected.
4 comments

Definitely don't want SPOF. Firefox has both soft-fail and hard-fail modes. For a soft fail it will fall back to traditional port 53 DNS. It's likely that will be the most common deployment - you need it to deal with captive portals and other split horizon issues as well as cloud uptime incidents. But there is a hard fail mode if that is suitable for your environment.

And of course defaults matter a lot, but you will be able to select your preferred DoH endpoint (or not use it at all). Firefox wouldn't lock something like that down.

The article clearly states a desire to ship more providers as soon as more providers exist. If you know of any other providers who meet the declared privacy choices (e.g. deleted after 24 hours) and protocol choices (e.g. DoH, TRR, QNAME min), please do let us know!
In fact, it already happened between this Mozilla announcement and now: https://www.cloudflarestatus.com/incidents/2mz3wly2g7dy

I think encrypting DNS transport is as important as the next guy (though DoH is bad), but am super unhappy about Mozilla apparently signing on with Cloudflare's ongoing fairly successful attempts to centralize the internet. Sure, they say they'll delete your data "within 24 hours" (they shouldn't be keeping it at all), but pretty soon they'll get a Nat'l Security Letter like everyone else does.

Which begs the question, do they have a canary page?

In any case, it would be unreasonable to require logging for more than that... even a week would be too much data for many ISPs. Also, they have to have some logging to be able to even try and troubleshoot a problem.

There is no need for Cloudflare to be a single point of failure. Any ISP that is capable of operating a high availability bind9 cluster has sysadmins with the knowledge to implement DNS over TLS and DNS over HTTPS. The software is all either GPL, BSD, LGPL or Apache licensed.