by josteink 2541 days ago
The criticism (which you seemed to miss) is that everyone is rushing to implement this at the application-level(s), instead of contributing to get it implemented, once, at the OS level instead and have a fix in place for everyone.
2 comments

How do you get the three big closed source OS vendors to do this in less than a decade?

Not to mention that DNS over HTTP is one of the class of features where you might want to override sysadmin policy as a user.

> Not to mention that DNS over HTTP is one of the class of features where you might want to override sysadmin policy as a user.

I don’t buy that argument at all.

Why should we special case policies of one internet-protocol over all the others?

Also: implementing/marketing DoH as a way to bypass enterprise control and policies is a surefire way to find it permanently blocked at firewall level in said enterprises.

I.e. your attempt at subverting control won’t gain you anything but deserved distrust.

nss-tls is "at the OS level". It makes getaddrinfo(), etc., use DoH behind the scenes, so applications are transparently migrated to DoH.

I think you missed the nss-tls README and think nss-tls is not at the "OS level".