In article <8edb08ac-5f86-04b7-7b7e-8bf1eb253...@gmail.com> you write:
>You may not need a "cloudish sort of place." It really depends on your user
>count. A residence or small business doesn't generate that many "new"
>domain queries in 24 hours.

I'm pretty sure that when Ron said 64K outstanding queries, he meant it. It's not just family members looking at Facebook.

>The "cloudish" option can also be DNS-over-TLS to Cloudflare 1.1.1.1 or
>Quad9 9.9.9.9. Then Unbound merely forwards the full query and these
>providers do all the heavy lifting. These services appear to have
>reasonable privacy policies at least worth reading. With TLS, your ISP
>cannot mingle some "extra information" into your DNS responses.

That's not a bad idea, if the performance is adequate and it can deal with all those intermingled queries on a few DoT connections.

R's,
John