>Formerly your browser still "phoned home" to your default DNS provider, using an insecure protocol.
This is kinda painful to read, to the point where I'm not sure if it's intentionally misleading;
DHCP will give you a DNS config, that DNS server can be local, remote, it can support DNSSEC or DNS over TLS (yes, that's a thing[0]). I even have configurations where a local DNS resolver on my machine (DNSMasq/unbound) would query _different_ recursive resolvers based on the domain I'm requesting.
DoH takes away huge amounts of configuration, and the ability to locally host DNS and ensures that a central body gets your DNS requests. The only "opt-out" in the current system is not using DNS at all, which is still an option. (NETBIOS/mDNS/Hosts)
Maybe a nitpick but I doubt DHCP is going to give you a local DNS server
> it can support DNSSEC
Which is irrelevant to the original complaint about "phoning home". DNSSEC provides security against certain types of attacks like poisoning. Privacy & eavesdropping are outside of its threat model
> DNS over TLS (yes, that's a thing[0]).
A thing with very little client support. Is it even possible to specify this via DHCP?
> DoH takes away huge amounts of configuration, and the ability to locally host DNS and ensures that a central body gets your DNS requests.
If you're doing this level of configuration, just disable DoH. Or host your own DoH server.
> Maybe a nitpick but I doubt DHCP is going to give you a local DNS server
Nearly every consumer-grade router on the market hands out IP configurations where said router is configured as a DNS server (the router then usually is configured to forward requests to the DNS provider of your choice, which is usually the ISP's DNS servers, depending on the technical ability of the person that set the router up). This is useful for things like accessing devices on your local network that have a GUI accessible via a web browser by hostname rather than IP address or, in the case of Netgear, intercepting requests to routerlogin.net and redirecting them to the router's configuration page instead of some page on the Internet.
If Firefox starts to ignore the OS-level DNS configuration, then these things are going to break and consumers who don't follow these things closely aren't going to know why or how to fix it.
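As an added illustration of the two setups described in this thread (a local dnsmasq/unbound instance that forwards different domains to different recursive resolvers, and a home router that answers for LAN hostnames and names like routerlogin.net), here is a small model of dnsmasq's `server=` directive semantics. It is example code written for this discussion, not code from any commenter, from Firefox or from dnsmasq itself; every address, domain and the sample configuration are constructed values.

```python
"""Model of dnsmasq-style per-domain upstream selection.

Added example, not code from the thread or from dnsmasq. It reproduces the
semantics of dnsmasq's `server=/<domain>/<ip>` directive: queries for
<domain> and all of its subdomains are forwarded to <ip>, the most specific
matching domain wins, `server=<ip>` sets the default upstream, and
`server=/<domain>/#` sends that domain back to the default upstream.
All addresses and domain names are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample: the router answers for the home LAN and for
# routerlogin.net, a VPN resolver handles a private corporate zone, one
# public subzone of it goes back to the default, everything else goes to
# a public resolver.
SAMPLE_CONF = """
# default upstream
server=192.0.2.53
# local network names and the router's captive hostname
server=/lan/routerlogin.net/192.168.1.1
# internal corporate zone, reachable only over the VPN
server=/corp.example/10.8.0.2
# a publicly delegated subzone: use the default upstream again
server=/public.corp.example/#
"""


@dataclass
class SplitResolver:
    default: Optional[str] = None                     # upstream for unmatched names
    by_suffix: Dict[str, str] = field(default_factory=dict)

    @classmethod
    def from_dnsmasq(cls, conf: str) -> "SplitResolver":
        """Parse the `server=` lines of a dnsmasq-style configuration.

        Lines beginning with '#' are comments. When several bare
        `server=<ip>` lines appear, the last one wins in this model.
        """
        resolver = cls()
        for raw in conf.splitlines():
            line = raw.strip()
            if not line or line.startswith("#") or not line.startswith("server="):
                continue
            value = line[len("server="):]
            if value.startswith("/"):
                # server=/dom1/dom2/upstream : several domains share one upstream
                parts = value.split("/")
                upstream = parts[-1]
                for dom in parts[1:-1]:
                    resolver.by_suffix[dom.lower().rstrip(".")] = upstream
            else:
                resolver.default = value
        return resolver

    def upstream_for(self, qname: str) -> Optional[str]:
        """Return the upstream a query for `qname` would be forwarded to."""
        name = qname.lower().rstrip(".")
        labels = name.split(".")
        # Walk from the full name to the shortest suffix: the first hit is
        # the longest (most specific) configured domain, as in dnsmasq.
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in self.by_suffix:
                upstream = self.by_suffix[suffix]
                return self.default if upstream == "#" else upstream
        return self.default


def route(qname: str, conf: str = SAMPLE_CONF) -> Optional[str]:
    """Convenience wrapper: which upstream serves `qname` under `conf`?"""
    return SplitResolver.from_dnsmasq(conf).upstream_for(qname)


if __name__ == "__main__":
    for q in ("nas.lan", "routerlogin.net", "wiki.corp.example",
              "www.public.corp.example", "example.org"):
        print(f"{q:28s} -> {route(q)}")
```

Queries for `nas.lan` or `routerlogin.net` never leave the LAN, while `wiki.corp.example` only resolves through the VPN resolver. A client that sends every query to a single remote DoH endpoint bypasses this table entirely, which is exactly the breakage the comment above anticipates for LAN hostnames and router login pages.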
> Maybe a nitpick but I doubt DHCP is going to give you a local DNS server
0_o Weird doubt; that's why DHCP can give you a DNS server. Otherwise, DNS discovery might as well work by just defining some /32s that always get routed to a nearby DNS server. :)
My DHCP servers at home give me a local DNS server... any corporate network that also has internal private naming will necessarily be handing out a resolver internal to that network.
I guess I was interpreting local in the sense of localhost. Which, fair enough, is a silly way to interpret it in context, as local network makes much more sense.
[0]: https://developers.google.com/speed/public-dns/docs/dns-over...