
There is a rather acrimonious argument currently going on among the Internet technorati over two different competing protocols for implementing encryption of domain name (DNS) queries <https://www.theregister.co.uk/2018/10/30/doh-contorversy/>. One of them is called “DNS-over-TLS” and the other is “DNS-over-HTTPS”. The former passes the DNS queries over its own TLS-encrypted connection, while the latter piggybacks on good old HTTP, using the latter’s TLS capability instead. The former is clearly simpler, and one might say “purer”, but the latter is deliberately designed to make it hard to tell what DNS queries a user might be making, since they become indistinguishable from regular HTTPS connections. So the question becomes, do you see this obfuscation as a good thing or a bad thing? It is intended to prevent snoops (both Governmental and non-Governmental) from invading the privacy of users, but it also blocks “legitimate” analysis of traffic by network admins trying to manage their systems as well. Clearly, you can’t do one without the other. So is the price worth paying?
participants (1)
- Lawrence D'Oliveiro