Re: Now this would be a great idea...
"Even if every TLS website had a unique IP address (and SNI were disabled), you could still easily build a database of hostname to IP address mappings, just by taking logs from any heavily-used DNS cache."
Nevertheless, it doesn't affect what I think is the principal feature of DOH. Sniffing out what sites are being visited by hosts on your network is possible, but DOH would prevent redirecting those hosts by altering the DNS replies that they see.