[rocqua]

Agreed. Mostly regarding the part that DNS should be solved at the OS level. Encrypted DNS is a good idea, HTTPS seems like a questionable encryption layer, but it will serve. However, apps should not take DNS into their own hands.

DNS is part of a systems configuration. By setting it, you choose, and can change, your views of the internet. If all of a sudden, that view becomes inconsistent across apps, that is confusing. Moreover, if an application gives an unexpected view of the world (e.g. missing local domains, local redirects, or local blocks) that can have negative impact.

If we screw this up in our haste to secure DNS, we'll be stuck with another legacy half-solution our internet infrastructure. This is essentially taking on global technical debt to get secured DNS requests just a bit faster.