by kelnos
645 days ago
> An easy solution would be for Google to host their DoH endpoints on the same domain(s) as their regular service

That's not how that works. DoH resolvers need an IP address, not a domain name. Sure, Google could host DoH on www.google.com, www.youtube.com, etc. but most users are not going to be savvy enough to find those IPs and use them. Then again, perhaps users savvy enough to try to use DoH to bypass these blocks would also be fine with this.

Very few people configure DoH on their own. It's up to the DoH-enabled client software (mostly browsers) to obtain lists of resolver IPs and keep them up to date.
If Cloudflare, for example, really wanted to make their DoH traffic indistinguishable from other HTTPS traffic, they could literally host DoH on any domain or IP under their control and rotate the list every now and then.