To be honest, I have no idea what point you're trying to make.
Here it is:
* Companies have internal (intranet) network services
* Companies operate their own DNS (DoH) resolvers
* They also have global (internet) employees
* The devices those employees use have hard-coded DNS (DoH) resolvers (Google, CloudFlare)
* Don't let them use the hard-coded DNS (DoH) resolvers
* Make sure their machine uses the company DNS (DoH) resolver.
I know people think that DNS-over-HTTP makes everything private and secure, but it doesn't. Google and CloudFlare still see every single DNS query from everyone.