and it only works on enterprise networks for devices owned by the enterprise, because the enterprise installs its own root certs on all devices, which "tricks" the browsers into believing they are "google.com", not the real google.com
Right, which is exactly how it should be. If you want to perform a purposeful man-in-the-middle attack on your clients, then you SHOULD be required to install your root cert on their workstations. With unencrypted DNS, it just means that you can perform the same attack with NO specific approval by the client workstation. How is that better?
You get an HTTPS error if someone performs a DNS MITM and you’re not set up specifically to trust their certificate. It’s equivalent to performing an HTTPS MITM without the root cert installed.
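An added example (not written by any commenter in this thread) that shows the point made in the reply above in running code. It is a Go program that plays the interception box: it mints a made-up root ("Example Corp Interception Root", a name chosen for this example), issues a certificate for "google.com" under it, serves that certificate from a local listener, and then connects as a client that was "told by DNS" it is talking to google.com. The first handshake trusts only a stand-in public root and fails with an unknown-authority error, the same failure a browser renders as a certificate error page; the second handshake, after the interception root has been added to the client's trust store, succeeds. All keys and certificates are generated in-process, so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with a fresh Ed25519 key under parent, or self-signs it when parent is nil.
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// MakeCA builds a throwaway self-signed root CA with the given name.
func MakeCA(name string) (*x509.Certificate, ed25519.PrivateKey, error) {
	return issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
}

// ForgeChain plays the interception box: it mints its own (made-up) root and issues a leaf for host.
func ForgeChain(host string) (tls.Certificate, *x509.Certificate, error) {
	ca, caKey, err := MakeCA("Example Corp Interception Root")
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, key, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{leaf.Raw, ca.Raw}, PrivateKey: key}, ca, nil
}

// Handshake serves serverCert locally and connects as a client that believes (because DNS said so)
// it is talking to host and trusts only the given roots; it returns the client's handshake error.
func Handshake(serverCert tls.Certificate, host string, trusted ...*x509.Certificate) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			_ = c.(*tls.Conn).Handshake() // the client side reports the verdict
			c.Close()
		}
	}()
	roots := x509.NewCertPool()
	for _, ca := range trusted {
		roots.AddCert(ca)
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: host})
	if err != nil {
		return err
	}
	return conn.Close()
}

// IsUntrustedIssuer reports whether err is the "unknown authority" failure a browser shows as a cert error.
func IsUntrustedIssuer(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	leaf, ca, _ := ForgeChain("google.com")
	public, _, _ := MakeCA("Stand-in Public Root") // stands in for the roots the browser ships with
	fmt.Println("public roots only:     ", Handshake(leaf, "google.com", public))
	fmt.Println("with interception root:", Handshake(leaf, "google.com", public, ca))
}
```

The stand-in public root is what makes the first call fail deterministically without touching the system trust store: the forged chain leads to a root the client has never heard of, so verification stops with x509.UnknownAuthorityError. Adding the interception root to the trusted list is the "install our CA on every managed device" step, and only then does the client accept a "google.com" certificate that the real google.com never issued. Redirecting DNS on its own changes nothing here; the client still checks the name and the chain it is shown.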
Yes, it works, by software or devices that cooperate.
With desktop OSes, it is no problem.
With mobiles, traditionally, if you enrolled a custom CA root onto an Android device, the user would be nagged ("Your network may be monitored").
Malware can go further, and just use its own root, without any ability to enroll your custom one. I see this as a default with any IoT or embedded devices, so that will make it much more difficult to say "no custom CA, no internet access".