1. A Pi-hole on my local network for most devices. I configured my router to forcibly capture all (unencrypted) DNS queries and forward them to my Pi-hole, which then forwards them upstream to Cloudflare's DNS (over TLS).
2. I wrote a simple DNS forwarder (over TLS) that uses a 'shotgun' approach to ensure timely query responses, among other performance-sensitive features. I use this on all my Linux machines. It runs as a service and never fails; mean latency is much lower than other forwarders I've tried, including systemd-resolved, unbound, etc.