Favorite DNS over HTTPS provider?

<blockquote><em><a href="#545272">In reply to dftf:</a></em></blockquote><p>I have my own DNS server "in house". That means:</p><ol><li>I can access all my equipment by name</li><li>I can set up my own blacklists and whitelists</li><li>All devices use the same DNS provider (mine) and not what the browser/device thinks it should use</li><li>The number of DNS queries that go externally are reduced, as they are cached on the local DNS server – thus making it harder for the DNS provider to know how frequently sites are visited.</li></ol><p>In essence, that means that if there is a problem with DNS, I know where to start looking. If each device uses DoH using its own default provider, if something suddenly stops working, it isn't as easy to diagnose, because some devices might still be working and some won't, so you would normally discount DNS as being the problem.</p><p>I block all of Facebook, for example, (over 2,500 domains) and around 2.5 million tracking, malvertising and malware sites.</p><p>It uses the same TLS encryption as DoH, but it uses the traditional DNS protocol. That is cleaner, is isn't abusing another protocol to do something it wasn't designed to do / shouldn't be doing.</p><p>As I also have servers, switches, access points, printers, NAS and other PCs and phones in the house, they are all automatically assigned internal names (Printer001, Switch001, Switch002, PC1, PC2 etc. – well, I give them more meaningful names, but you get my drift). That means I can contact them with their assigned names. If the device / browser is using DoH, it won't know anything about the internal devices, so they will not be found – or I will have to wait for the external DoH server to fail its lookup and the browser to fall back on using "real" DNS instead; or it will jump to a search engine, like Google or DuckDuckGo, to search for the name, both of which are exposing the make-up of my internal network to services that don't need to know that!</p><p>The local naming and blocklists are the main reasons why company networks will often block external DNS servers. They can block sites they consider as malware slingers, for example and there are often dozens or hundreds of printers, servers and other services on the internal network, that a) wouldn't be found on DoH and b) would expose company metadata to the DNS provider and possibly the search engine, if the browser borks at the DoH not finding the name.</p>