> I wonder why it’s not 14%, given that that’s the Safari market share

That's Safari's market share among _browsers_, but lots of other stuff (IoT devices, mail servers, curl, etc.) can be configured to use 1.1.1.1.

> Safari is the only browser that does HTTPS DNS requests in its default configuration

I've opened [0] in both Firefox and Chromium on Linux, and it shows that ECH is enabled in both (which therefore means that HTTPS RRs are being queried). I don't think that I've changed any settings to enable this, but I was testing out ECH a few months ago, so I might have changed something then and forgotten.

> A1: it’s naive to assume we’re at 100% https:// adoption? Any http:// URL will not trigger an HTTPS DNS lookup

Cloudflare also has statistics on HTTP vs HTTPS [1], but that's going to be biased in favour of HTTPS since CF handles that automatically for sites they host.

> A2: site popularity and downstream caching of 1.1.1.1 means CloudFlare see fewer requests for HTTPS DNS than there are https:// connections?

Yup, but this also applies to A/AAAA records too, so this shouldn't make a difference to the ratio between different RR types.

[0]: https://tls-ech.dev/

[1]: https://radar.cloudflare.com/adoption-and-usage#http-vs-http...