The network control plane is not on the end user’s computer. For a home network, this is probably their ISPs modem, followed their ISPs actual edge. You could opt to set up your own DNS server or use an alternate DNS server, which is bypassing the control plane, assuming your ISP doesn’t force you to use their restrictive equipment.
The difference between DoH and regular DNS here is that even if you choose another resolver, unencrypted DNS can still be intercepted, logged, and modified by the control plane; many providers have been doing this to monetize NX DOMAIN responses even when the user is using another DNS resolver. I first realized this when attempting to get rid of annoying NX DOMAIN search SPAM pages on my phone years ago... That is precisely why this issue is coming up now and not earlier when cleartext alternate DNS resolvers gained some popularity.
> DoH wants to take it away.
What does DoH take away? You can still configure your resolver today.
> You have not been paying attention. Those same organizations removed the exact ability esni proposes once governments applied a bit of pressure on them (I'm talking about collateral freedom domain fronting thing).
What have providers removed from ESNI?
