With Firefox about to switch most users over to DNS over HTTPS by default, thereby sending our domain name lookups to CloudFlare instead of Sonic unless we act to prevent it, I find myself answering more questions lately about whether this is a good thing.
My first thought was that it's a terrible idea, not only because Mozilla is pushing a privacy-sensitive configuration change onto users without getting explicit permission, but also because the change seemed to merely shift the exposure from our ISP to another party (which could be less trustworthy) rather than actually reducing exposure. However, Mozilla justifies it in part by claiming that traditional DNS reveals most of our IP addresses to every authoritative server and intermediate network involved in every recursive DNS lookup. They are apparently referring to EDNS Client Subnet, which is new to me, and brings me to the question I asked above.
For anyone reading along who wants to disable DoH in Firefox, you can do so before it becomes the default by setting network.trr.mode to 5.
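To make the EDNS Client Subnet point concrete, here is an added example (not from the post above, and not code from Mozilla, Cloudflare or Sonic) that builds and parses the ECS option a recursive resolver attaches to its upstream queries under RFC 7871. It shows what an authoritative server actually receives: not the full client address but a truncated prefix (a /24 for IPv4 is the common choice), with the bits beyond the prefix zeroed. The sample addresses are constructed from the documentation ranges.

```python
import ipaddress
import struct

EDNS_CLIENT_SUBNET = 8  # EDNS0 option code assigned to Client Subnet (RFC 7871)


def encode_ecs(client_ip, source_prefix):
    """Return the wire-format EDNS option a resolver would send upstream.

    Layout (RFC 7871 section 6): OPTION-CODE, OPTION-LENGTH, FAMILY (1=IPv4,
    2=IPv6), SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries), then
    only as many address octets as the prefix length covers, remaining bits
    zeroed. So the authoritative server sees the subnet, not the host.
    """
    ip = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= ip.max_prefixlen:
        raise ValueError("prefix length out of range for address family")
    family = 1 if ip.version == 4 else 2
    # strict=False truncates the host bits, which is exactly what a resolver does
    subnet = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    payload = struct.pack("!HBB", family, source_prefix, 0)
    payload += subnet.network_address.packed[:nbytes]
    return struct.pack("!HH", EDNS_CLIENT_SUBNET, len(payload)) + payload


def decode_ecs(option):
    """Parse an ECS option back into its fields, rejecting malformed ones.

    A conforming receiver must refuse an option whose address octets carry
    bits beyond SOURCE PREFIX-LENGTH, since that would leak more of the
    client address than the prefix length admits.
    """
    if len(option) < 8:
        raise ValueError("option too short for an ECS header")
    code, length = struct.unpack("!HH", option[:4])
    if code != EDNS_CLIENT_SUBNET:
        raise ValueError(f"not an ECS option (code {code})")
    payload = option[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated option payload")
    family, source_prefix, scope_prefix = struct.unpack("!HBB", payload[:4])
    addr = payload[4:]
    width = {1: 4, 2: 16}.get(family)
    if width is None:
        raise ValueError(f"unknown address family {family}")
    if len(addr) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    # Pad to full width, then let strict=True reject non-zero trailing bits
    padded = ipaddress.ip_address(addr + b"\x00" * (width - len(addr)))
    subnet = ipaddress.ip_network(f"{padded}/{source_prefix}", strict=True)
    return {
        "family": family,
        "source_prefix": source_prefix,
        "scope_prefix": scope_prefix,
        "subnet": str(subnet),
    }


if __name__ == "__main__":
    # Constructed sample: a Sonic-style customer behind a /24 truncation policy.
    for ip, prefix in (("203.0.113.77", 24), ("2001:db8:abcd:1234::1", 56)):
        opt = encode_ecs(ip, prefix)
        print(ip, "->", opt.hex(), decode_ecs(opt)["subnet"])
```

Two things worth noticing when you run it. The option for 203.0.113.77/24 is eleven bytes and carries only 203.0.113, so a /24 hides the host but still pins the query to a small neighbourhood, which is the exposure Mozilla is pointing at; and the option is added by the recursive resolver on the way to the authoritative server, not by Firefox, so whether it is sent at all depends on the resolver you use (Cloudflare's public resolver, for instance, does not send ECS upstream).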