The advantages of the new system are obvious: the technology improves security and user privacy, because DoH encrypts the DNS traffic that classic DNS sends in the clear. However, DNS over HTTPS is neither completely safe nor completely private. As before, every query can still be read on the name servers where name resolution takes place, and a number of servers along the way also learn who is asking for what. So even with the new technology, the parties involved in DNS resolution still have to be trusted.
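An added illustration (not part of the original article) of why the resolver still sees everything: a DoH GET request carries an ordinary DNS wire-format query, base64url-encoded in the `dns` parameter (RFC 8484), so once TLS is stripped the resolver operator reads the same plaintext question as a classic DNS server would. The endpoint URL is a placeholder.

```python
import base64
import struct
from urllib.parse import urlencode

# Placeholder resolver endpoint; any RFC 8484 resolver has this URL shape.
DOH_ENDPOINT = "https://doh.example.net/dns-query"


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Encode a single-question DNS query in wire format (RFC 1035).
    RFC 8484 recommends ID 0 so identical queries yield identical URLs."""
    # ID=0, flags=0x0100 (RD set), QDCOUNT=1, AN/NS/AR counts = 0
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def to_doh_get_url(endpoint: str, query: bytes) -> str:
    """Wrap the wire-format query in the 'dns' GET parameter (base64url, no padding)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?{urlencode({'dns': encoded})}"


def resolver_view(url: str):
    """What the resolver sees after TLS is removed: the plaintext question.
    Returns (qname, qtype) decoded from the 'dns' parameter."""
    param = url.split("?dns=", 1)[1]
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    qdcount = struct.unpack("!H", raw[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while raw[pos]:                      # walk length-prefixed labels to the 0 byte
        n = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", raw[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = to_doh_get_url(DOH_ENDPOINT, build_dns_query("www.example.com"))
    print(url)
    print("resolver sees:", resolver_view(url))
```

The encoded value for `www.example.com` matches the GET example in RFC 8484 section 4.1.1, which is a handy way to check your own encoder.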
However, DNS over HTTPS shifts the responsibilities here. With classic DNS, the Internet provider's servers typically handle most of the name resolution. With DoH, on the other hand, browser developers decide which servers their DNS queries are forwarded to. In Chrome, this is Google's own DNS server; Mozilla already uses Cloudflare for Firefox. Whilst this raises the question of whether users should trust these companies more than their ISP, it also means that just a handful of providers end up in charge.
DoH critics believe that net neutrality is at risk with DoH. They fear that Google could, for example, answer queries for the company's own services faster than DNS queries for other websites. Concentrating resolution on a handful of DoH providers also creates a security risk, since it would be much easier for attackers to paralyze DNS as a whole.