Comment by a022311

1 day ago

I totally agree with this and I wish root servers supported DoT, but I guess this setup is slightly better than having all your queries collected by a single entity (at least as far as you can know, because as you said, anyone in between can intercept requests). At least response integrity can be verified with DNSSEC and DNS-level censorship can be prevented much more effectively.

DNSSEC doesn't do anything to prevent DNS-level censorship, and DoT is easier to block than DoH --- that's why there's DoH in the first place.