DNS-over-HTTPS (DoH) vs DNS-over-TLS (DoT), which do you prefer?

A short recap of them, please correct me if I am wrong somewhere:

  • DoH makes an HTTPS connection and thus looks like any other HTTPS traffic. It leaks more metadata, but at the same time it is more commonly left unblocked than DoT.
  • DoT is plain DNS traffic inside a TLS connection on the dedicated port 853, though some providers also offer it on port 443.
  • DNSCrypt is an older technology without an RFC, but uses port 443 (and the “main” implementation, dnscrypt-proxy, also supports DoH).
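To make the DoH/DoT difference in the list concrete, here is an added example (not from the original post or from any of the projects named in it) that builds one DNS query and shows the two framings: for DoH (RFC 8484) the message becomes a base64url `dns=` parameter on an ordinary HTTPS URL, so on the wire it is just another TLS session to port 443; for DoT (RFC 7858) the same message gets the 2-byte length prefix of DNS-over-TCP and travels inside TLS to port 853, which is exactly the port a network can block. The resolver URL `https://dns.example.net/dns-query`, the address `192.0.2.10` and the sample response are constructed placeholders, and the parser handles only the A records needed for the demonstration.

```python
"""Added example: one DNS query, framed for DoH (RFC 8484) and DoT (RFC 7858).
Not code from the original post; the resolver URL and the response are constructed."""
import base64
import struct


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Minimal DNS wire-format query (RFC 1035): header, QNAME, QTYPE, QCLASS=IN.
    RFC 8484 recommends transaction id 0 for DoH so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(base_url: str, query: bytes) -> str:
    """DoH GET form: base64url without '=' padding in the 'dns' query parameter.
    Everything about this request looks like normal HTTPS to the network."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={param}"


def doh_decode_param(url: str) -> bytes:
    """Inverse of doh_get_url: restore padding and decode the 'dns' parameter."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def dot_frame(query: bytes) -> bytes:
    """DoT: the plain DNS message with a 2-byte big-endian length prefix (as in
    DNS-over-TCP), written into a TLS connection to port 853."""
    return struct.pack("!H", len(query)) + query


def dot_unframe(stream: bytes) -> bytes:
    """Read one length-prefixed DNS message back out of a DoT byte stream."""
    if len(stream) < 2:
        raise ValueError("DoT record shorter than its length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("truncated DoT record")
    return stream[2:2 + length]


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_a_records(response: bytes, expected_txid: int = 0) -> list:
    """Extract IPv4 addresses from the answer section of a DNS response.
    Same parser serves both transports: after unframing, DoH and DoT carry
    the identical DNS message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(response, offset) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


# Constructed sample response (not captured from any real resolver): txid 0,
# flags 0x8180 (QR, RD, RA), one question, one A record pointing at 192.0.2.10.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)

if __name__ == "__main__":
    q = build_query("example.com")
    print("DoH GET (port 443):", doh_get_url("https://dns.example.net/dns-query", q))
    print("DoT record (port 853):", dot_frame(q).hex())
    print("Parsed answer:", parse_a_records(dot_unframe(dot_frame(SAMPLE_RESPONSE))))
```

The transport is the only thing that differs: a middlebox blocking TCP/853 stops the DoT record outright, while the DoH request is a GET on port 443 and can only be blocked by recognising the resolver's hostname or IP.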

See also: https://www.privacytools.io/providers/dns/#icanndns

I don’t want to mix my own opinions into the original submission since it began so factually, but lately I seem to have leaned more towards DoT, due to the servers allowing port 443 and using Unbound directly instead of passing everything to dnscrypt-proxy: while Unbound’s DoT is said to have issues like not reusing or keeping DoT connections open, it still performs DNSSEC validation locally.

On Android I have been using DoT more, because it’s supported natively by Android 9+, and today I have sent feedback to Helsinki Metro and the libraries requesting that port 853 be unblocked, as those are the only places I frequent that don’t have it open. On an older phone I have been using the Nebulo app with DoH (it supports both), as it tends to work everywhere even if there is no native support. I am back on DoT after changing my mind due to reading more on DoH and wishing to reduce the HTTPS metadata; I have mobile data, so I don’t have to be stuck with those restrictive networks.

While Nebulo has some benefits like seeing queries and being able to increase logging, I think it’s behind some issues I am having with Conversations failing connections and VoWiFi, but I haven’t been able to confirm it, and my Nokia 1 is just so low-end that it might be behind the issues.

I am also unsure whether it’s a good idea to add an app (which also wants to take over the VPN slot, which shows a warning in the top right) to do something that the OS already does, especially on such limited devices.

I think both seem like good solutions while not being perfect, and I am curious what everyone else thinks or uses?