by walrus01 2942 days ago
It does not need to be centralized at all. Any internet service provider with a modicum of Clue can install a DNS over https frontend listening on the IPs of their recursive resolvers, and pull data from their existing bind servers.

This does not contain any sort of proprietary or non-free software. People are free to ignore the content delivery network provided recursive resolvers, and set up their own.

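The setup walrus01 describes, a DoH frontend in front of an existing recursive resolver, as an added example that is not code from the thread: a minimal RFC 8484 endpoint that accepts GET (`dns=` base64url) and POST (`application/dns-message`) and relays the raw message over UDP to the resolver. The upstream address, the listening port, and the assumption that TLS is terminated by the ISP's existing web server are mine.

```python
import base64, socket, struct
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

UPSTREAM = ("127.0.0.1", 53)  # assumption: the ISP's existing BIND recursive resolver
MAX_MSG = 65535               # largest DNS message accepted or relayed

def build_query(name, qtype=1, qid=0x1234):  # wire-format query with RD set, for testing
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\0" + struct.pack(">HH", qtype, 1)
def encode_dns_param(msg):  # RFC 8484 GET form: base64url with '=' padding stripped
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode()
def decode_dns_param(value):  # restore the padding RFC 8484 omits; junk -> b"" (rejected below)
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except ValueError:
        return b""
def valid_message(msg):  # full 12-byte header, within size limit, QR bit clear (a query)
    return 12 <= len(msg) <= MAX_MSG and not (msg[2] & 0x80)
def forward(msg, upstream=UPSTREAM, timeout=2.0):  # relay over UDP, return the answer unchanged
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, upstream)
        return s.recv(MAX_MSG)

class DoHHandler(BaseHTTPRequestHandler):
    def _reply(self, status, body=b"", ctype="application/dns-message"):
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def _serve(self, msg):
        if not valid_message(msg):
            return self._reply(400, b"bad dns message", "text/plain")
        try:
            self._reply(200, forward(msg))
        except socket.timeout:  # resolver down or slow: report it, do not hang the client
            self._reply(502, b"resolver timeout", "text/plain")
    def do_GET(self):  # RFC 8484: GET /dns-query?dns=<base64url message>
        url, qs = urlparse(self.path), parse_qs(urlparse(self.path).query)
        if url.path != "/dns-query" or "dns" not in qs:
            return self._reply(404, b"not found", "text/plain")
        self._serve(decode_dns_param(qs["dns"][0]))
    def do_POST(self):  # RFC 8484: POST body is the raw DNS message
        if self.headers.get("Content-Type") != "application/dns-message":
            return self._reply(415, b"unsupported media type", "text/plain")
        self._serve(self.rfile.read(int(self.headers.get("Content-Length", 0))))

if __name__ == "__main__":  # assumption: TLS is terminated in front by the ISP's web server
    HTTPServer(("127.0.0.1", 8053), DoHHandler).serve_forever()
```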

That is beside the point. What Firefox is doing is to actively distrust the DNS the ISP is advertising because of the bad practice of some ISPs. Even if the ISP would advertise a DoH endpoint, the same reasons for distrust would still exist (they only mention attacks at the ISP's DNS server or between the ISP's DNS server and the authoritative DNS servers).

Also note that DNS is one of those dinosaur protocols like email and usenet that have persisted from the early days of the internet, back when we could buy interoperable services from decentralized parties. Every service we buy today is centralized or even walled garden only, see Slack, Facebook, App Stores, AWS, etc. We currently just don't know how to build successful distributed ecosystems.

People are understandably highly suspicious of DNS services and privacy issues with giant companies like Comcast, Verizon, Centurylink, etc. But I'd like to point out that there's a large number of small to mid sized ISPs where the final business management decisions rest with the individuals who also have 'enable' on the routers and core Linux/BSD server infrastructure.

There is such a thing as ethics in network engineering, and that term encompasses things like not attempting to MITM your customers' recursive DNS resolution queries, or monitoring/tracking/selling the data.

Well, we never knew how to build a secure, successful ecosystem. Between the various ways to secure DNS, this seems reasonable.
In this blog post, Firefox should encourage people who know how to run their own. Maybe even provide/maintain some docker images for us tech heads.

I agree that immediately promoting CF doesn't seem like the best genuine idea for those who are still a part of the Firefox/Mozilla community.