In a nice document by the NSA, the illustrate the positives and negatives of the new trend for browsers to have DNS encryption thru the browser.
For those in the enterprise my take on it is simple:
- You are the boss. Manage the DNS in your enterprise.
- Configure desktops/laptops/clients to not use and even try to block it from being used on those systems.
- Secondly, it may be beneficial to even BLOCK the free DNS systems. Why block? There is a good chance malware is going to use it, and if you cant see where they are going, you cant take action.