
That feels like a separate issue. You should be able to configure DNS servers and the device should respect that.


The point of DoH is bypassing the network configuration for DNS because of bad network operators (i.e., ISPs deciding to play god).


The point of DoH is preventing 'others' - such as ISPs - from snooping and interfering with plain-text DNS queries. Encrypting network traffic is generally good. Anything that hijacks DNS requests is going to no longer work, as designed.

Devices should still allow setting a custom DoH server, and they should use it. You should still be able to run your own DoH server and use that.

Any device/software that ignores your network settings (such as classic DNS or DoH) is bad, just like an ISP intercepting your DNS requests is bad.


So which DHCP option do I use for DoH? All I can find is some expired RFC draft[1].

[1]: https://tools.ietf.org/id/draft-peterson-doh-dhcp-01.html



Thanks! More involved but more flexible it seems.


Sadly this is a bit naive in my opinion.

Hidden behind “privacy” marketing, DoH looks to be a way to centralize DNS queries at the app level to protect ad revenue.

Now apps you download can essentially have their own DNS resolvers built into the app and you no longer have control over DNS data. Especially IoT devices and smart TVs will just bypass all user settings and directly resolve DNS with resolvers of their choosing.
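For a network operator who wants to see which devices ignore the DHCP-assigned resolver, as the comment above describes, here is an added example (not part of any comment in this thread) that classifies flow records. The local resolver address, the short list of public resolver IPs and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Assumption: the resolver this network hands out via DHCP.
LOCAL_RESOLVER = ip_address("192.168.1.53")

# Small illustrative set of public resolvers that also answer DoH on 443.
# A real deployment would keep a longer, regularly updated list.
PUBLIC_DOH = {ip_address(a) for a in
              ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

def classify(dst, port):
    """Return a finding label for one flow, or None if nothing stands out."""
    if port == 53 and dst != LOCAL_RESOLVER:
        return "plain-dns-bypass"      # classic DNS sent past the local resolver
    if port == 853 and dst != LOCAL_RESOLVER:
        return "dot"                   # DNS over TLS to an outside server
    if port == 443 and dst in PUBLIC_DOH:
        return "doh-suspected"         # HTTPS to an address known to serve DoH
    return None

def find_bypassing_clients(flows):
    """Map each client IP to the set of bypass findings seen for it."""
    findings = defaultdict(set)
    for src, dst, port in flows:
        # The resolver itself is expected to reach upstream servers.
        if ip_address(src) == LOCAL_RESOLVER:
            continue
        label = classify(ip_address(dst), port)
        if label:
            findings[src].add(label)
    return dict(findings)

# Constructed sample flows: (client, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.53", 53),   # compliant client
    ("192.168.1.20", "8.8.8.8", 53),        # hard-coded plaintext resolver
    ("192.168.1.30", "1.1.1.1", 443),       # likely built-in DoH
    ("192.168.1.30", "192.168.1.53", 53),
    ("192.168.1.40", "9.9.9.9", 853),       # DoT
    ("192.168.1.53", "1.1.1.1", 853),       # resolver's own upstream traffic
    ("192.168.1.10", "203.0.113.10", 443),  # ordinary HTTPS
]

if __name__ == "__main__":
    for client, labels in sorted(find_bypassing_clients(SAMPLE_FLOWS).items()):
        print(client, sorted(labels))
```

DoH to a resolver that is not on the list looks like any other HTTPS connection in flow data, so the `doh-suspected` label is only a partial signal.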


Now apps can do that? Couldn't apps previously/currently hard code their own plaintext DNS resolver? The only change here is that now it's encrypted, and network operators (including yourself) cannot MITM DNS?


They have been able to do that or just hardcode an IP for content directly. The problem is that we allow this in the first place at all.


I am god on my own network. Thou shalt not seek gods other than the holy DHCP hath said to thee, and so on.



