A trend I really dislike in modern browsers is the activation of DoH, or in general any override of the DNS settings provided via DHCP.
In my case I use a local DNS server that doesn’t rely on forwarders but queries the tree directly. I also have integrated ad blocking thanks to filter lists.
This morning a client called me because Chrome could no longer reach their internal server. On their network there’s an internal DNS record that resolves the name to the LAN address, yet it seems their browser randomly resolves it to the external IP instead. I’ll probably fix it with a redirect or NAT hairpinning (I dream of the day when we finally have IPv6 everywhere), but it still feels like a workaround.
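As an added illustration (not part of the original post), the script below models the split-horizon failure just described: it compares what the LAN resolver returns for a name with what a public DoH resolver returns, and flags the case where the internal answer is an RFC 1918 address while the DoH answer is not. All host names and addresses are constructed; the `doh_query_a` helper is an assumed convenience that talks to a public DoH JSON endpoint and is not called in the offline demo.

```python
"""Split-horizon DNS check: does a DoH resolver disagree with the LAN resolver?

Added example, not code from the original post. It models the symptom in the
text: an internal record resolves to a LAN address, but a browser that bypasses
the DHCP-provided resolver via DoH gets the external address instead.
"""
import ipaddress
import json
import socket
import urllib.request

# RFC 1918 ranges; "LAN address" in the post means one of these.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_lan(addr):
    """True if addr (str or ip_address) is in an RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def system_query_a(name):
    """A records from the OS resolver (the DHCP-provided one, normally).
    Not used in the offline demo; needs a working network."""
    return sorted(socket.gethostbyname_ex(name)[2])


def doh_query_a(name, endpoint="https://dns.google/resolve"):
    """A records from a public DoH resolver via the 'application/dns-json'
    GET interface (offered by dns.google and cloudflare-dns.com/dns-query).
    Assumed helper; not used in the offline demo; needs a working network."""
    req = urllib.request.Request(f"{endpoint}?name={name}&type=A",
                                 headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        data = json.load(resp)
    # type 1 == A record
    return sorted(rr["data"] for rr in data.get("Answer", []) if rr.get("type") == 1)


def classify(lan_answers, doh_answers):
    """Compare the two answer sets and name the situation.

    consistent             both resolvers agree
    internal-only          the name only exists in the LAN zone
    split-horizon-bypassed LAN gives private IPs, DoH gives public ones
                           (exactly the client's complaint in the post)
    divergent              any other disagreement
    """
    lan = {ipaddress.ip_address(a) for a in lan_answers}
    doh = {ipaddress.ip_address(a) for a in doh_answers}
    if lan == doh:
        return "consistent"
    if not doh:
        return "internal-only"
    if lan and all(is_lan(a) for a in lan) and not any(is_lan(a) for a in doh):
        return "split-horizon-bypassed"
    return "divergent"


# Constructed sample data: (LAN resolver answers, DoH resolver answers).
# 203.0.113.10 is the RFC 5737 documentation range standing in for the
# customer's real external address.
SAMPLE = {
    "intranet.example.com": (["10.0.0.5"], ["203.0.113.10"]),
    "www.example.com":      (["203.0.113.10"], ["203.0.113.10"]),
    "printer.lan":          (["192.168.1.20"], []),
}


def run_report(samples=SAMPLE):
    """Classify every constructed sample; returns {name: verdict}."""
    return {name: classify(lan, doh) for name, (lan, doh) in samples.items()}


def live_report(names):
    """Same comparison against real resolvers (network required)."""
    return {n: classify(system_query_a(n), doh_query_a(n)) for n in names}


if __name__ == "__main__":
    for name, verdict in run_report().items():
        print(f"{name:25s} {verdict}")
```

A "split-horizon-bypassed" verdict on a name the client cannot reach confirms the browser is not using the internal resolver. On a managed fleet the cleaner fix than hairpin NAT is to stop the browser from overriding the DHCP resolver: Chrome exposes this as the `DnsOverHttpsMode` enterprise policy (value `off`) and Firefox honours the `use-application-dns.net` canary domain returning NXDOMAIN, both facts outside the original post.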
Why, when there’s a reasonably secure internal DNS, should you resolve using the usual big players that want to centralise all traffic? I mean, I understand the reasoning behind it. Still, it feels a bit like the "commercial" VPN situation: you fear your provider might inspect your traffic, so you hand everything over to some shady company based who knows where, claiming to protect you while flooding the world with ads.