by godelski 927 days ago
I find it also a bit frustrating because browsers may even ignore your network's DNS settings so you can easily get unexpected behavior (yes, I know it's expected if you are a domain expert but I'm not and it shouldn't be surprising when users are shocked that they implement a pihole and see their machine is using a different DNS than expected. I'd actually expect novice users to be surprised in this case)

> browsers may even ignore your network's DNS settings

They shouldn't. Bypassing policy is malware behaviour.

Funny that they ignore "my" network DNS, not ISP's. (in the name of freedom)

FF enables this and they aren't not ignoring the ISPs. Settings > Privacy and Security > DNS over HTTPS

There is a reason to do this btw. The name should say it all. It'll default to Cloudflare but they let you specify what you want. The utility? Let's say I'm not an advanced user, what's my DNS look like? Is it DoH? We both know the answer. So defaulting so users' traffic is default DoH sounds like a security improvement. There's also an additional utility. If I take my laptop and move from my home network to another one, I actually don't end up using a different DNS.

You can also use Mullvad's DNS[0], or switch to 1.1.1.2/1.0.0.2 if you want malware protection on Cloudflare's DNS.

Stop making up conspiracies that don't exist. There's enough BS in the world already that we don't need to make ones up to be upset.

[0] https://mullvad.net/en/help/dns-over-https-and-dns-over-tls