Funny how nobody warning about DoH ever notices that "organisations" could indeed run their own DoH/DoT servers and implement any policy they like. https://www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/
Main limitation being, of course, that it would require a ten-year-long transition program, as your whole "organisational" DNS runs on some ancient crap commercial or cloud nameserver, which only heard about DoH/DoT in 2019, and it's just as new to them as, say, IPv6.
@kravietz And Firefox will still connect to Cloudflare.
@aral New DoH servers can be added easily, possibly even through Windows GPO.
@kravietz Wait, you mean actually implementing meaningful security measures without it being legally required! Heresy!