DNS over HTTPS in Firefox
Posted Jun 9, 2018 4:57 UTC (Sat) by Cyberax (✭ supporter ✭, #52523)
In reply to: DNS over HTTPS in Firefox by fratti
Parent article: DNS over HTTPS in Firefox
Well, it failed miserably. With DNSSEC you are routinely looking at replies that are greater than 1500 bytes long. IPv4 fragmentation usually saves the day (though it's slowly getting more and more broken) but with IPv6 it's a complete non-starter.
There are two ways to fix it:
1) Make DNS great^W small again. ECC instead of RSA basically fixes it for _most_ cases, but not all.
2) Just forget about all this stateless nonsense and go full-metal-stateful. This way you can utilize all the advances made by browsers, in particular QUIC and TLS 1.3. They allow zero-RTT connection initiation, at the cost of stored data.
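The size argument in the comment above can be checked on the wire. The following is an added example, not code from the comment or from LWN: it assembles a DNSKEY response for the zone `example.com.` (an assumed zone; key and signature bytes are zero-filled placeholders, since only their lengths matter) with RFC 1035 name compression and an EDNS0 OPT record, then compares the result with the 1232-byte UDP payload that fits an IPv6 minimum-MTU packet (1280 bytes minus 40 for IPv6 and 8 for UDP) and with a 1500-byte IPv4 Ethernet frame. The scenarios are constructed, and a real response will differ in TTLs, key tags and extra records, but the ordering between RSA and ECC sizes holds.

```python
import struct

# Added example (not from the comment): wire-size model of DNSKEY responses.
# Key and signature material is constructed zero-filled placeholder data.

# algorithm number, public-key length, signature length (bytes)
# RSA per RFC 3110 (1-byte exponent length + 3-byte exponent + modulus),
# ECDSA P-256 per RFC 6605, Ed25519 per RFC 8080.
ALGS = {
    "RSASHA256-2048": (8, 1 + 3 + 256, 256),
    "RSASHA256-4096": (8, 1 + 3 + 512, 512),
    "ECDSAP256SHA256": (13, 64, 64),
    "ED25519": (15, 32, 64),
}

IPV6_MIN_MTU = 1280                     # RFC 8200
UDP_PAYLOAD_V6 = IPV6_MIN_MTU - 40 - 8  # 1232 after IPv6 + UDP headers
ETHERNET_MTU_V4 = 1500

NAME_PTR = b"\xc0\x0c"  # compression pointer to the question name at offset 12
DNSKEY, RRSIG, OPT = 48, 46, 41


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format domain name (RFC 1035 labels)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rr(alg_name: str, flags: int, ttl: int = 3600) -> bytes:
    """DNSKEY RR: flags (257 = KSK, 256 = ZSK), protocol 3, algorithm, key."""
    alg, key_len, _ = ALGS[alg_name]
    rdata = struct.pack("!HBB", flags, 3, alg) + b"\x00" * key_len  # constructed key
    return NAME_PTR + struct.pack("!HHIH", DNSKEY, 1, ttl, len(rdata)) + rdata


def rrsig_rr(alg_name: str, labels: int, ttl: int = 3600) -> bytes:
    """RRSIG over the DNSKEY RRset (RFC 4034 s3.1 layout, placeholder times/tag)."""
    alg, _, sig_len = ALGS[alg_name]
    rdata = (struct.pack("!HBBIIIH", DNSKEY, alg, labels, ttl, 0, 0, 0)
             + NAME_PTR + b"\x00" * sig_len)  # signer name compressed, constructed sig
    return NAME_PTR + struct.pack("!HHIH", RRSIG, 1, ttl, len(rdata)) + rdata


def dnskey_response(zone: str, keys, sigs) -> bytes:
    """Authoritative DNSKEY answer with EDNS0 OPT; keys = [(alg, flags)], sigs = [alg]."""
    labels = len([l for l in zone.rstrip(".").split(".") if l])
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(keys) + len(sigs), 0, 1)
    question = encode_name(zone) + struct.pack("!HH", DNSKEY, 1)
    answer = b"".join(dnskey_rr(a, f) for a, f in keys)
    answer += b"".join(rrsig_rr(a, labels) for a in sigs)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0)  # root name, class = UDP size
    return header + question + answer + opt


def fragmentation_report(size: int) -> dict:
    """Does a UDP payload of `size` bytes avoid fragmentation on v6 / v4 Ethernet?"""
    return {
        "bytes": size,
        "fits_ipv6_min_mtu": size <= UDP_PAYLOAD_V6,
        "fits_ipv4_ethernet": size + 20 + 8 <= ETHERNET_MTU_V4,
    }


# Constructed key layouts: steady state and a double-signature KSK rollover.
SCENARIOS = {
    "ecdsa-p256 (KSK+ZSK)": ([("ECDSAP256SHA256", 257), ("ECDSAP256SHA256", 256)],
                             ["ECDSAP256SHA256"] * 2),
    "rsa-2048 (KSK+ZSK)": ([("RSASHA256-2048", 257), ("RSASHA256-2048", 256)],
                           ["RSASHA256-2048"] * 2),
    "rsa-2048 KSK rollover (2 KSK + ZSK)": ([("RSASHA256-2048", 257)] * 2
                                            + [("RSASHA256-2048", 256)],
                                            ["RSASHA256-2048"] * 3),
    "rsa-4096 KSK + rsa-2048 ZSK": ([("RSASHA256-4096", 257), ("RSASHA256-2048", 256)],
                                    ["RSASHA256-4096", "RSASHA256-2048"]),
}


def scenario_sizes(zone: str = "example.com.") -> dict:
    return {name: len(dnskey_response(zone, k, s)) for name, (k, s) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, size in scenario_sizes().items():
        print(f"{name:38} {fragmentation_report(size)}")
```

Running it shows the ECDSA layout at a few hundred bytes, the plain RSA-2048 pair just under the 1232-byte IPv6 limit, and both the RSA-2048 rollover and the RSA-4096 KSK layout above 1500 bytes, i.e. fragmented on IPv4 and dropped or truncated on IPv6 paths that do not pass fragments. Resolvers that set a 1232-byte EDNS buffer (the 2020 DNS flag day value) will instead fall back to TCP for the last two, which is the stateful path the comment's second option argues for.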