DNS over HTTPS
Based on privacy and security, whether either protocol is superior is a matter of controversial debate, while others argue that the merits of either depend on the specific use case.
[11] Since DoH cannot be used under some circumstances, like captive portals, web browsers like Firefox can be configured to fall back to insecure DNS.
[22] In May 2020, Microsoft released Windows 10 Insider Preview Build 19628 that included initial support for DoH[23] along with instructions on how to enable it via registry and command line interface.
[28] BIND 9, an open source DNS resolver from Internet Systems Consortium added native support for DoH in version 9.17.10.
[29] DNSdist, an open source DNS proxy/load balancer from PowerDNS, added native support for DoH in version 1.4.0 in April 2019.
[30] Unbound, an open source DNS resolver created by NLnet Labs, has supported DoH since version 1.12.0, released in October 2020.
[31][32] It first implemented support for DNS encryption using the alternative DoT protocol much earlier, starting with version 1.4.14, released in December 2011.
[40] On February 25, 2020, Firefox started enabling DNS over HTTPS for all US-based users, relying on Cloudflare's resolver by default.
[44][45] In January 2021, NSA warned enterprises against using external DoH resolvers because they prevent DNS query filtering, inspection, and audit.
[48][49] The Internet Service Providers Association (ISPA)—a trade association representing British ISPs—and the also British body Internet Watch Foundation have criticized Mozilla, developer of the Firefox web browser, for supporting DoH, as they believe that it will undermine web blocking programs in the country, including ISP default filtering of adult content, and mandatory court-ordered filtering of copyright violations.
The ISPA nominated Mozilla for its "Internet Villain" award for 2019 (alongside the EU Directive on Copyright in the Digital Single Market, and Donald Trump), "for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK."
Mozilla responded to the allegations by the ISPA, arguing that it would not prevent filtering, and that they were "surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure".
