Hi Sam,

This is what Paul Vixie had to say about it at the most recent NANOG:
https://www.youtube.com/watch?v=LYosersEBoM

Scott

On Tue, 19 Nov 2019, Sam Lanfranco wrote:

> I could do with some expert opinion and enlightenment here. From what I read
> the following move is likely to have a negative effect on the security of
> the DNS system.
> 
> From circleID: Microsoft Announces Plans to Adopt DoH in Windows
> 
> Microsoft announced today its plans to adopt DNS over HTTPS (DoH) protocol
> in Windows and will also keep other options such as DNS over TLS (DoT) on
> the table for consideration. "[S]upporting encrypted DNS queries in Windows
> will close one of the last remaining plain-text domain name transmissions in
> common web traffic," noted company in a post." Microsft further added: "For
> our first milestone, we'll start with a simple change: use DoH for DNS
> servers Windows is already configured to use. There are now several public
> DNS servers that support DoH, and if a Windows user or device admin
> configures one of them today, Windows will just use classic DNS (without
> encryption) to that server. However, since these servers and their DoH
> configurations are well known, Windows can automatically upgrade to DoH
> while using the same server."
> 
> For commentary on the issue:https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-s
> olves-experts-say/
> Sam L.
> 
> 
>