by Perseids 2940 days ago
That is beside the point. What Firefox is doing is to actively distrust the DNS the ISP is advertising because of the bad practice of some ISPs. Even if the ISP would advertise a DoH endpoint, the same reasons for distrust would still exist (they only mention attacks at the ISP's DNS server or between the ISP's DNS server and the authoritative DNS servers).

Also note that DNS is one of those dinosaur protocols like email and usenet that have persisted from the early days of the internet, back when we could buy interoperable services from decentralized parties. Every service we buy today is centralized or even walled garden only, see Slack, Facebook, App Stores, AWS, etc. We currently just don't know how to build successful distributed ecosystems.

2 comments

People are understandably highly suspicious of DNS services and privacy issues with giant companies like Comcast, Verizon, Centurylink, etc. But I'd like to point out that there's a large number of small to mid sized ISPs where the final business management decisions rest with the individuals who also have 'enable' on the routers and core Linux/BSD server infrastructure.

There is such a thing as ethics in network engineering, and that term encompasses things like not attempting to MITM your customers' recursive DNS resolution queries, or monitoring/tracking/selling the data.

Well, we never knew how to build a secure successful ecosystem. Between the various ways to secure DNS this seems reasonable.