by nfoz 1000 days ago
Are you familiar with https://pi-hole.net/ ?

In my house I want DNS resolution to be performed by my own DNS resolver (https://github.com/NLnetLabs/unbound), after I block ad domains.

DoH circumvents that.

2 comments
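The failure mode nfoz describes above, where a device sends its queries over DoH (or plain DNS to an outside resolver) instead of the household unbound instance, can at least be made visible from the network's own flow logs. The following is an added example, not code from this thread, from Pi-hole or from unbound; it assumes a hypothetical local resolver at 192.168.1.2 and uses constructed flow records, and it classifies each flow as plain-DNS bypass (port 53 to anything but the local resolver), DoT (port 853) or likely DoH (port 443 to a well-known public resolver address or SNI name).

```python
"""Flag LAN devices that resolve names somewhere other than the local resolver.

Added example; the resolver address, the flow records and the device list
are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical address of the household unbound / Pi-hole resolver.
LOCAL_RESOLVER = "192.168.1.2"

# Well-known public resolvers and the hostnames their DoH endpoints use.
# Sample list only; an operator maintains it from the providers' documentation.
KNOWN_DOH_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.quad9.net",
}
KNOWN_RESOLVER_IPS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed flow records (not real traffic): src dst dport proto sni
# A "-" in the sni column means no TLS client hello / no SNI was observed.
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.2 53 udp -
192.168.1.50 8.8.8.8 53 udp -
192.168.1.77 1.1.1.1 853 tcp -
192.168.1.77 203.0.113.10 443 tcp dns.google
192.168.1.23 198.51.100.7 443 tcp example.com
192.168.1.23 1.1.1.1 443 tcp cloudflare-dns.com
"""


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    kind: str  # "plain-dns-bypass", "dot" or "doh"


def classify_flow(src: str, dst: str, dport: int, proto: str,
                  sni: Optional[str]) -> Optional[Finding]:
    """Return a Finding if this flow bypasses the local resolver, else None."""
    # Classic DNS to any server other than our own: a firewall can redirect this.
    if dport == 53 and dst != LOCAL_RESOLVER:
        return Finding(src, dst, "plain-dns-bypass")
    # DNS over TLS uses a dedicated port, so it is easy to spot.
    if dport == 853 and proto == "tcp":
        return Finding(src, dst, "dot")
    # DoH hides inside HTTPS; match on known resolver addresses or SNI names.
    if dport == 443 and (sni in KNOWN_DOH_HOSTS or dst in KNOWN_RESOLVER_IPS):
        return Finding(src, dst, "doh")
    return None


def scan_flows(text: str) -> List[Finding]:
    """Parse whitespace-separated flow records and collect bypass findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, dport, proto, sni = line.split()
        finding = classify_flow(src, dst, int(dport), proto,
                                None if sni == "-" else sni)
        if finding is not None:
            findings.append(finding)
    return findings


def bypassing_devices(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Group findings by source address: which devices bypass, and how."""
    by_device: Dict[str, Set[str]] = {}
    for f in findings:
        by_device.setdefault(f.src, set()).add(f.kind)
    return by_device


if __name__ == "__main__":
    for device, kinds in sorted(bypassing_devices(scan_flows(SAMPLE_FLOWS)).items()):
        print(f"{device}: {', '.join(sorted(kinds))}")
```

The plain-DNS case is the only one the resolver operator can fully fix at the router (redirect all port 53 traffic to the local resolver). DoT and DoH can only be detected or blocked by destination, and the SNI/address heuristic misses a vendor that runs DoH on its own infrastructure, which is exactly the sealed-box scenario the replies below describe.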

I agree with you, but the counterargument that'll be made against you is "you should be doing that on the endpoints".

That counterargument ignores the fact that you can be the owner of an endpoint but not be permitted, by manufacturer's policy, to control the software running inside. That's what you get for purchasing a proprietary device.

So, as the network operator and owner of the endpoints in the world of DoH (and pinned certificates), you end up being left with the decision to "vote with your wallet" and simply not purchase devices that don't afford you influence on name resolution (or whatever functionality we're talking about).

The counterargument goes on to say that the manufacturers of these sealed-box devices can functionally do this today anyway simply by implementing their proprietary name resolution (content delivery, etc) protocol.

It was all fun while it lasted.

Just configure your endpoints to point at an ad blocking DoH server.

My partner has a Google Chromecast. Please tell me how I can configure it to use a DoH server I want, rather than the one dictated by Google. How about the video intercom systems in my apartment building? How can I configure them to use servers I trust rather than an unknown?
> My partner has a Google Chromecast. Please tell me how I can configure it to use a DoH server I want, rather than the one dictated by Google. How about the video intercom systems in my apartment building? How can I configure them to use servers I trust rather than an unknown?

Devices you don't control are under no obligation to follow your network's DNS policy, or even use published protocols for name resolution at all.

I mean yeah, if you don't trust the devices on your network...don't add them to your network?