Chrome 83 ships out with enabled DoH

So far I don't see the DoH in the Chrome setting pages, but disabled it via
chrome://flags/#dns-over-https

Chrome will not change the DNS servers configured by the OS. It will merely upgrade to DoH for known compatible DNS servers.

In other words, no need to disable this in Chrome flags.

Meanwhile I block all DoH servers listed at curl.

Why do you do that?

Google isn't the only company that uses DoH technology. And if you think Google "can be evil", why would you use Chrome anyway?


Ok. In any case it seems you answered a question I directed to someone else. There's no need to mess with Chrome flags or block all servers capable of DoH.

Well, you're entitled to your view; personally I would encourage encrypted DNS adoption, whether it is via DoH or DoT.

DoT is one thing. DoH is a craptastic pile of monkey poo.

DoT > DoH > Unencrypted

In my opinion.

And that's a valid opinion. The first time something like Android malware uses DoH to hide its C&C (hint, it's already happened) and that whole scheme goes into the trash can for me.

Since there's no difference between DoH and HTTPS, why blame the existence of DoH for the malware C&C and not HTTPS?

There's an incredible amount of difference between DoH and HTTPS.

I can't see anything in that tweet which explains why DoH is more of a risk than HTTPS. :man_shrugging:t2:

Research, it's good for you.

Anyway the argument is somewhat moot, the largest browser manufacturer and the largest OS have already committed to DoH instead of DoT. I'm not a huge fan of the decision either, but that's how it is.

And that is the biggest red flag of all.

Just because they have committed to it does not compel you to adopt it. They like this method since they can hide their traffic in the https noise. Encrypted DNS offers nothing in terms of privacy and little in the form of security. You would have improved privacy and equal security hosting your own recursive resolver and cutting out the upstream DNS provider entirely.

Hosting a recursive server where?

On the Pi itself. Unbound is such a recursive server, and we provide a guide for setting it up. 15 minutes and you are free from any upstream DNS providers.

https://docs.pi-hole.net/guides/unbound/
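To make the "no upstream DNS provider" point concrete, here is an added example of a minimal Unbound recursive-resolver configuration; it is my own illustration, not the file from the Pi-hole guide linked above. It assumes Unbound runs on the same Pi as Pi-hole, listens only on 127.0.0.1 port 5335, and that the root-hints and trust-anchor paths shown have been created.

```conf
server:
    # Listen on loopback only; Pi-hole on the same host (assumed) forwards here.
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    # Leave IPv6 off unless the network actually provides it.
    do-ip6: no
    prefer-ip6: no

    # No forward-zone at all: Unbound walks from the root servers itself,
    # so no upstream resolver (Google, Cloudflare, ISP) ever sees the queries.
    # Path is an assumption; root.hints is the IANA named.root file.
    root-hints: "/var/lib/unbound/root.hints"
    # DNSSEC validation with an automatically maintained root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Hardening: require glue to be in-bailiwick, reject answers stripped of
    # DNSSEC data, and send only the minimum QNAME to each authoritative server.
    harden-glue: yes
    harden-dnssec-stripped: yes
    qname-minimisation: yes
    use-caps-for-id: no
    hide-identity: yes
    hide-version: yes

    # Keep EDNS payloads under a size that avoids IP fragmentation.
    edns-buffer-size: 1232
    prefetch: yes
    num-threads: 1
    so-rcvbuf: 1m

    # Only clients on the Pi itself may query this instance.
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Strip private ranges from public answers (DNS-rebinding protection).
    private-address: 192.168.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
```

Check it with `dig pi-hole.net @127.0.0.1 -p 5335`: a validated answer carries the `ad` flag, and a name whose DNSSEC chain is deliberately broken should return SERVFAIL rather than an address.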