Chrome for Android has DNS-over-HTTPS support enabled

Google has announced the start of a phased rollout of DNS-over-HTTPS (DoH) for Chrome 85 users on the Android platform. The mode will be turned on gradually, covering more and more users. DNS-over-HTTPS began to be enabled for desktop users earlier, in Chrome 83.

DNS-over-HTTPS will be enabled automatically for users whose settings specify DNS providers that support the technology (DNS-over-HTTPS uses the same provider that was used for DNS). For example, if the user has DNS 8.8.8.8 specified in the system settings, Chrome will activate Google's DNS-over-HTTPS service ("https://dns.google.com/dns-query"); if the DNS is 1.1.1.1, it will activate Cloudflare's DNS-over-HTTPS service ("https://cloudflare-dns.com/dns-query"), and so on.

To avoid problems with resolving corporate intranets, DNS-over-HTTPS is not used when the browser detects that it is running on a centrally managed system. DNS-over-HTTPS is also disabled when parental controls are in place. If DNS-over-HTTPS fails, the settings can be rolled back to regular DNS. To control DNS-over-HTTPS, options have been added to the browser settings that allow you to disable it or select another provider.

Recall that DNS-over-HTTPS can be useful for preventing leaks of information about requested host names through providers' DNS servers, combating MITM attacks and DNS traffic spoofing (for example, when connecting to public Wi-Fi), countering blocking at the DNS level (DNS-over-HTTPS cannot replace a VPN for bypassing blocking implemented at the DPI level), or for operating when direct access to DNS servers is impossible (for example, when working through a proxy). Whereas DNS requests are normally sent directly to the DNS servers defined in the system configuration, with DNS-over-HTTPS the request to determine a host's IP address is encapsulated in HTTPS traffic and sent to an HTTP server, where the resolver processes requests through a web API. The current DNSSEC standard uses encryption only to authenticate the client and server, but does not protect traffic from interception and does not guarantee the confidentiality of requests.
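As an added illustration (not code from Chrome or from the original article), the sketch below models the same-provider upgrade rule and the encapsulation described above: a DNS query in wire format carried as an RFC 8484 GET request to the provider's endpoint. The function names are hypothetical, the mapping holds only the two providers named in the article, and the GET form is an assumption, since the article does not say which HTTP method Chrome uses.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

# Same-provider upgrade table: only the two pairs named in the article.
DOH_UPGRADE = {
    "8.8.8.8": "https://dns.google.com/dns-query",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query",
}

def select_doh_endpoint(system_dns, managed=False, parental_controls=False):
    """Return the DoH URL to upgrade to, or None to stay on regular DNS."""
    if managed or parental_controls:    # exclusions described in the article
        return None
    return DOH_UPGRADE.get(system_dns)  # unknown resolver: no upgrade

def build_dns_query(hostname, qtype=1):
    """Encode a one-question DNS query (RFC 1035 wire format); qtype 1 = A."""
    # ID 0 as RFC 8484 recommends for HTTP caching; flags 0x0100 = recursion desired.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid DNS label: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint, hostname, qtype=1):
    """Wrap the query as an RFC 8484 GET: unpadded base64url in the dns parameter."""
    wire = build_dns_query(hostname, qtype)
    return endpoint + "?dns=" + base64.urlsafe_b64encode(wire).rstrip(b"=").decode()

def queried_name(doh_url):
    """Recover the hostname from a DoH GET URL, as the resolver's HTTP server would."""
    param = parse_qs(urlsplit(doh_url).query)["dns"][0]
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12                # question starts after the 12-byte header
    while wire[pos]:                    # assumes an uncompressed question name
        labels.append(wire[pos + 1:pos + 1 + wire[pos]].decode("ascii"))
        pos += 1 + wire[pos]
    return ".".join(labels)

if __name__ == "__main__":
    url = doh_get_url(select_doh_endpoint("8.8.8.8"), "www.example.com")
    print(url)
    print(queried_name(url))
```

Because the query travels inside the TLS-protected request, an on-path observer sees only a connection to the DoH provider, while the provider itself can still read every queried name.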

Source: opennet.ru
