In response to several court orders, Cloudflare geoblocked more than 400 sports streaming piracy domain names on its pass-through service in France last year. Notably. Cloudflare says that, despite requests, it has not blocked any websites through the 1.1.1.1 Public DNS Resolver. That last comment is relevant to the renewed site blocking push in the United States.
Are you pulling directly from root servers? I run pihole but it’s upstream is Cloudflare.
Yes, Unbound by default will query DNS root servers (root hints) without any middle man, thus greatly improve security. Unless you override
forward-zone:or one or all stub-zone.But only if it needs to, since Unbound has also a cache to store the DNS queries results.
See my config: https://gitlab.melroy.org/-/snippets/620