On Sun, Apr 12, 2020 at 07:33:51AM -0400, Gene Heskett wrote:
[...]
I don't either, but at some point in an https environment, it seems to me
that a dns lookup is going to have to be translated into a plain dns
lookup.
No, that's not how it works. When the browser wants to resolve a
name, it doesn't "do" DNS (when it's doing DOH, that is) but uses
some "web-service-ish" protocol over https to some server out there
(cloudflare, e.g.) which does the resolution and answers via https.
Thus bypassing whatever scheme the sysadmin has set up for DNS.
I don't have polite words for that.
Cheers
-- t