DNS over HTTPS - Wikipedia

I have been reading more this year about DNS over HTTPS and its provision to protect us from attackers putting payloads in DNS packets and commanding systems to do nefarious things. There has also been the DNSSEC suite created by the IETF. These have become well-known protocols and tools for protecting systems, and we have the RFCs for them. So, it doesn't make much sense to talk about all that stuff here.

I just wanted to say that it makes much more sense to add features to a well-used, well-known, and well-documented existing protocol such as HTTPS than to produce a new suite of tools like DNSSEC. This will revolutionize the Internet, and it is already being implemented in existing DNS servers around the globe. I am not sure how much extra installation or anything else needs to happen, but I think it would be simpler to do this than changing a client around to deal with new tools in Requests and Responses. This is all very fascinating and revolutionary.

There have been issues with DNS tunneling for a little while, and I have seen different types of attacks where bad actors can gain valuable information from systems with DNS payloads. I am very grateful that this whole industry is changing and keeping up with the times, as we know that there is not much we can do about zero-day vulnerabilities. However, with something tried and true like HTTPS, this will bring mighty strength to our infrastructures with encryption, just like the trusted port 443 has not changed in eons.

DNS Tunneling: how DNS can be (ab)used by malicious actors
DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as “DNS Tunneling.” This research can help organizations understand DNS-based threats and the risks they pose to their environment.