No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.
Recursive DNS servers will contact root DNS servers. You CAN run a recursive DNS at home quite easily. The only downfall is that root DNS typically doesn’t support any of the encrypted DNS options.
Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, or have all my requests leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.
For my threat model (and probably most everyone’s), using Cloudflare’s encrypted DNS is good enough for me.