Comment by growse

> DoH seems to exist mainly to circumvent that control.

Hate to break it to you, but if I control the client, then I'm not in any way obligated to use DNS or any other IETF-endorsed protocol to turn names into numbers when I'm running on your network.

The idea of "controlling what's going in and out of the network" died in the 90s.