I mean, DNS is a protocol from the dinosaur days of the internet, where cryptography just wasn't a concern for anything. It's also foundational. Moving to a truly encrypted, private, not-transparently-backward-compatible protocol was never likely to see better adoption than DNSSEC.

IMO, telling all this to someone who has no historical context and innocently asks "Why not just fix DNS?" is lighting a candle with a flamethrower. Plus all the strong emotions that get conjured by DNSSEC and its history (at some point someone will chip in asking about DNSCurve...).

The important points for the casual observer are that people have considered updating DNS and that DNS is unfixable for political and economic reasons. Which is why the best answer we have today is to tunnel it over HTTPS.

DoH is essentially the IETF's version of DNSCurve. DNSCurve (and then DNSCrypt) were at base the idea that we should secure DNS bottom-up, starting from the resolvers, rather than what the IETF had been doing, which was the top-down start-at-the-roots concept of DNSSEC. Neither DNSCurve nor DNSCrypt had any real push in the IETF that I can find; Dempsky wrote an I-D for DNSCurve back in 2010 that has like 2 mailing list posts about it, and I can't find anything for DNSCrypt despite it actually having users.

Meanwhile, the idea that we can't do anything but tunnel DNS through HTTPS because of inertia or politics is obviously false, because there are competing proposals, one of them with serious IETF energy, that don't do that. They're just not popular among users.

I remember during 2009 IETF meeting talking about using end-to-end, and the response I got back was that DNS resolving must be a simple caching server at the ISP end because companies has shown that for every millisecond slower a website loaded there was a noticeable loss in sales, and thus anything that impact performance would not be acceptable.

Under that mentality you could not do much with the last-mile, and you can definitely not do any serious security that protect confidentiality between client and server. You could do something DNSSEC because it did not cause a 10ms lookup to go to 11ms, and thus no one was screaming bloody murder over it.

Which is "something must be done; this is something" logic, right? It's pretty plain to see that the operator community did not in fact want DNSSEC, despite its favorable latency characteristics.

The original intent behind dnssec is before my time working in the dns industry, and when it come the last couple decades the larger push seems to be focused on making people feel more secure in using dns for identification and authentication purposes. How well it does the job depend a lot on the threat model, and how large the actually risks are for that model.

How likely is it that an attacker can take over an domain on say cloudflare/microsoft using dns authentication, or someone managing to spoofing an email by changing the dmarc signature? On the average case I suspect the risk is very small, but then I don't think that specific attack surface has been well tested enough to demonstrate how good the idea is to put keys and proof of identity in dns without any additional system to validate the records.

I worked at Network Associates not long after they bought TIS, which had the original DARPA contract for DNSSEC, and had been working on DNS security for at least 2 years prior to that, and the push then was (unfortunately) the same as it is now: to authenticate the DNS, to create a resilient global PKI that can be used to increase the importance of the DNS in other applications. Privacy has literally never been in its remit; that's why they spun up a separate WG (DPRIVE) to work on it.

DNS would still be easier to replace than IPv4, but there's less of a technical motivation.

> virtually every major ISP in America monetizes DNS lookups for their customers

For 95% of users, DoH just lets Google monetize the lookups, instead.