September 20, 2020

Firefox on OpenBSD disables DoH by default


Mozilla has announced that it will launch DNS over HTTPS (DoH) at the end of this month, after which Firefox will use DoH by default instead of traditional DNS. However, OpenBSD recently decided to disable DoH by default in the version of Firefox it distributes.


Compared with traditional DNS, issuing DNS requests over HTTPS through a cloud service provider has little impact on uncached DNS queries. Most queries are only about 6 milliseconds slower, which Mozilla considers an acceptable cost for the added security and protection of private data. In some cases, DoH is even hundreds of milliseconds faster than traditional DNS. This may be a good improvement for the average user, but it means every user's DNS queries are resolved through a third-party cloud vendor, which may itself raise privacy and data security issues. The OpenBSD project did not think this was appropriate, so it changed Firefox so that DoH is no longer enabled by default:

“Disable DoH by default. While encrypting DNS might be a good thing, sending all DNS traffic to Cloudflare by default is not a good idea. Applications should respect OS configured settings. The DoH settings still can be overridden if needed. ok landry@ job@”
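
One way to check what a given Firefox profile is actually set to, as an added example that is not from the OpenBSD commit or from Mozilla: the script reads a `prefs.js`/`user.js`-style file and reports Firefox's `network.trr.mode` and `network.trr.uri` preferences. The sample input and the `doh.example` resolver URL are constructed.

```python
import re

# Meanings of Firefox's network.trr.mode values (TRR = Trusted Recursive Resolver).
TRR_MODES = {
    0: "off (default)",
    2: "DoH first, fall back to the OS resolver",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}

# Matches lines such as: user_pref("network.trr.mode", 2);
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref|lockPref|defaultPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;',
    re.M,
)

def parse_prefs(text):
    """Return {name: value} for every pref line; // comment lines are skipped."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def doh_status(text):
    """Summarise the DoH configuration found in one preferences file."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode")  # None: not set here, build default applies
    active = mode in (2, 3)
    return {
        "mode": mode,
        "meaning": "not set in this file" if mode is None
                   else TRR_MODES.get(mode, "reserved/unknown"),
        "doh_active": active,
        "resolver": prefs.get("network.trr.uri") if active else None,
    }

# Constructed sample, not taken from a real profile.
SAMPLE = '''// user overrides
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
'''

if __name__ == "__main__":
    print(doh_status(SAMPLE))
```

A file that does not set `network.trr.mode` reports `mode: None`, because the effective value then comes from the browser build's default, which is what a distribution can change.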