@sheogorath why should we trust Mozilla to somehow develop a good, privacy-protecting DNS server that's essentially a black box in Intel SGX, instead of using one of the many open-source DNS over TLS implementations like DNSDist? DNS was already decentralized; Mozilla is just being hostile when they force users to send their data to Cloudflare.
@jonah The Cloudflare part was for experimenting. They currently work on TRR partners using a new policy: https://wiki.mozilla.org/Security/DOH-resolver-policy
My point is: using SGX would enable the client to validate that the server is running the software which it's supposed to run and which is written to enforce the policy. This makes it easy to decentralize the DNS requests, as we distribute software packages when signing them. It's just that we now need a signed runtime instead of files, which SGX provides.