[chgs]

If it was implemented at an OS level and respected standard configuration then fine, DoH, DoT, whatever, I’m happy.

However it wasn’t, and it doesn’t defer to the OS or the network. I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser. I additionally get different reaults depending what I use, my browser will contact a different server than any other application.

That’s broken behaviour which benefits AdTech companies like Google.

[dspillett]

> I can’t set a dhcp option on my network to tell my dozens of clients what dns server to use, I have to manually adjust each browser.

But at that point, you are effectively the ISP trying to control how users do DNS, in a way that might enable you to track/block/redirect. You might be trustworthy to your users so that is fine, but that isn't the case for every user's relationship with their service providers.

Is there an arrangement that would stop less trusted networks from tracking/redirecting/blocking DNS requests without (accidentally) helping AdTech by making DNS-based blocking harder?

[chgs]

As I run the OS I can choose to accept the hint or override the dns servers.

[dspillett]

Completely forgot to take to this a week ago (busy times…) but this more recent (that is touching in the same issues of inconvenience for some and whether it should take precedence over safety concerns of others) reminded me: https://news.ycombinator.com/item?id=41471510#41472889

[codedokode]

> doesn’t defer to the OS or the network

First, you can disable encrypted DNS, second you can set up your own DNS server and setup browser to use it. And your own DNS server will respect DHCP config.

Personally I would like OS to completely ignore DHCP config (like proxy or DNS server address) because those features can be misused for malicious purposes.