
All that does is block DoH entirely, right? Not allow me to say “use this DoH server” or “don’t use DoH for this domain.”


Here are the instructions to do it, straight from Mozilla: https://support.mozilla.org/en-US/kb/firefox-dns-over-https#...


On Windows, you can probably do this via GPOs. How does one configure a fleet of Mac or Linux machines? How does one do it with BYOD or on a campus of students' machines?

Perhaps some thought as to service discovery should have been done:

* https://tools.ietf.org/html/rfc6763

If Mozilla is going to re-invent the wheel (OSes already do DNS lookups), they perhaps should have asked the DNS folks (e.g., DNS-OARC) about some of the corner/use cases IMHO.


I think if you want to get that detailed you'd be pushing a custom managed Firefox profile.


You have twenty different applications using DoH for “increased security” and you need a custom profile for each? Why not a single line in resolv_doh.conf?


What local resolver supports resolv_doh.conf at this time?

At the moment, Mozilla wants to push this for users where DoH just works, and for people where it doesn't, it is providing options to disable it.

Once resolv_doh.conf becomes a thing for all platforms (Linux, OSX and Windows) they can use that.



