On my networks (both home and work) I definitely want to block any DNS other than the ones I set up.
It was an easy and effective way to block sites, ads, and make sure that internal sites resolved correctly.
Trying to play whack-a-mole with DoH server blacklists sounds like a losing game.
Not exactly sure what solution there will be, because in combination with ESNI you will essentially have to block the whole of Cloudflare if you just want to block a single site.
And since a lot of ad networks use Cloudflare ...
This gives more power to individual clients (both good ones like Firefox and Chrome, and bad ones like malware, trackers, other crap), but takes away power from centrally managing your own network.
I definitely see reasons on both sides why this is good or bad.
Sorry for tangential rant :)