DNS over HTTPS is immune to amplification attacks.
If the alternative to DNS over HTTPS is a DNS-over-TLS resolver being run by a company without a website (???) then I guess that's easier than DNS-over-HTTPS. Are you really going to use a resolver run by a mysterious nobody?
There are probably more than a dozen HTTP stacks being widely used in production. It's not remotely a monoculture.
> Is there anything left, that's not on HTTP? Maybe NTP.
OpenNTPD also uses HTTPS (TLS, technically) by default [0].
Fortunately, they aren't yet trying to tunnel actual NTP packets over HTTP or anything like that, just using the information in the "Date: " header as a sanity check.
Here's another idea: other protocols are useful as well, sometimes more useful than HTTP.
> HTTPS stacks are battle tested and there are multiple of them.
So is DNS. I wonder how the HTTP servers deal with DNS amplification attacks.
> People running a DNS resolver likely have the ability to run a good HTTPS server already
Your conclusion lacks any indication of evidence.
> Because there are multiple stacks the risk of people settling on a monoculture is a lot lower.
HTTP _is_ becoming a monoculture. Sort of. I know it's an open standard, and everything, but still.