by markoutso 1532 days ago
How hard can it be for Firefox to embed its own recursive resolver that talks only to the root servers? If you are really concerned about privacy that’s the only way to go. Other than that it makes little sense to me to trust one company over another.
3 comments

Why do I want an application doing its own DNS resolution at all when that's actually the job of the OS?
Ideally you wouldn't. But until operating systems default to using DoH with a trusted resolver themselves, this approach is the lesser of the evils.
If you think that users can set up and configure their DNS servers then this feature (DoH) is completely useless.

I guess the point is valid for users that don't want / are not allowed / cannot configure the DNS server of their operating system.

I'd have less issue with this if Mozilla ran the servers themselves. I already put a lot of trust in Firefox, I have zero reason to trust Cloudflare.
This wouldn't solve any of the problems that DoH does, because DNS queries issued by a recursive resolver are themselves in cleartext and so vulnerable to a hostile network.