## What is DOH?

Overview articles:

- Mozilla overview entry on DOH
- Mozilla's settings (explains the flag/config changes)
- Get your own DOH server
- Here's how to enable DoH in each browser
- DNS over HTTPS (aka DoH) - The Chromium Projects

## What's wrong?!

While DNS-over-HTTPS (DOH) gets hyped, here are some reasons against DOH.

Browser support:

- Firefox (US users only, as "test") but can be enabled via about:config
- Chrome / Chromium via flags (same as Firefox, it's currently a test)

OS support:

- Windows 10 20H1 (not enabled by default)
- Some Linux distros

Breakage & concerns:

- HOSTS can't be blocked, it gets ignored.
- VPN "leak protection" will cause problems due to the nature of how DOH works.
- Firewall bypasses possible.
- New tracking possibilities (encryption in general does not prevent or stop tracking)
- Other concerns mentioned.
- Cracking TLS connection (example provided by Johannes B. Ullrich). See here and here.

## What should you use instead?

- VPN or Tor
- DNSCrypt, see SecureDNS for more information and background
- Do not use any ISP with DOH!
- EDNS-Padding must be used in browser and server, which is being discussed in Firefox.
- Only use DOH if you have no choice (or neither proxy nor Tor).

## Reference

- DNS-over-HTTPS Is The Wrong Partial Solution
- Mozilla's new DNS resolution is dangerous
- A Controversial Plan to Encrypt More of the Internet | WIRED
- Why You Shouldn't Rush Into DoH | DNS over HTTPS Privacy
- DNS-over-HTTPS: Privacy and Security Concerns
- DNS over HTTPS with Dnsmasq and https-dns-proxy
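The EDNS-Padding point above, as an added example that is not from the original post or from any project it links: build an RFC 8484 DoH query in wire format carrying an EDNS(0) Padding option (RFC 7830, option code 12) sized so the whole message is a multiple of 128 bytes (the RFC 8467 recommendation for queries), plus the base64url GET form of the request. The resolver URL is a placeholder; nothing is sent on the network.

```python
import base64
import struct

PAD_BLOCK = 128          # RFC 8467: pad queries to a multiple of 128 bytes
EDNS_PADDING = 12        # RFC 7830 option code
OPT_TYPE = 41            # EDNS(0) OPT pseudo-RR type

def build_padded_doh_query(name: str, qtype: int = 1, block: int = PAD_BLOCK) -> bytes:
    """Return a DNS query (RFC 8484 wire format) with an EDNS(0) Padding option.

    The header ID is 0 as RFC 8484 section 4.1 recommends for cacheability.
    """
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 1)   # RD set, 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack(">HH", qtype, 1)           # QTYPE, QCLASS=IN
    opt_fixed = 1 + 2 + 2 + 4 + 2                             # root name, type, udp size, ttl, rdlen
    option_hdr = 4                                            # option code + option length
    unpadded = len(header) + len(question) + opt_fixed + option_hdr
    pad_len = (-unpadded) % block                             # bytes needed to reach the block boundary
    padding = struct.pack(">HH", EDNS_PADDING, pad_len) + b"\x00" * pad_len
    opt_rr = b"\x00" + struct.pack(">HHIH", OPT_TYPE, 4096, 0, len(padding)) + padding
    return header + question + opt_rr

def padding_length(msg: bytes) -> int:
    """Parse a query built above and return its Padding option length (0 if absent).

    Assumes exactly one question followed by one OPT RR, as build_padded_doh_query emits.
    """
    pos = 12
    while msg[pos] != 0:                 # walk the QNAME labels
        pos += 1 + msg[pos]
    pos += 1 + 4                         # terminator + QTYPE/QCLASS
    rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos + 1:pos + 11])
    if rtype != OPT_TYPE:
        return 0
    pos += 11
    end = pos + rdlen
    while pos < end:                     # scan EDNS options for the padding option
        code, olen = struct.unpack(">HH", msg[pos:pos + 4])
        if code == EDNS_PADDING:
            return olen
        pos += 4 + olen
    return 0

def doh_get_url(resolver_url: str, msg: bytes) -> str:
    """GET form of the DoH request: base64url without '=' padding (RFC 8484 section 4.1).
    The resolver URL is a placeholder supplied by the caller."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={b64}"
```

The same message bytes would be sent as a POST body with `Content-Type: application/dns-message`; without the padding option the 44-byte example.com query would reveal name length to anyone watching TLS record sizes.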
I updated the opener: Johannes B. Ullrich cracked DOH (MITM + redirection). He provided two short examples.