I think just setting up Unbound is even less trouble. Servers come and go. Getting rid of the dependency altogether is better than having to worry who operates the DNS-servers and how long it's going to be available.

i am 95% certain i run unbound in a datacenter, and i have pihole local, my PC connects to pihole first, and if that's down, it connects to my DC; pihole connects to the DC and one of the filtered DNS providers (don't remember which) and GTEi's old server, that still works and has never let me down. No, not that one, the other one.

i have musknet, though, so i can't edit the DNS providers on the router without buying another router, so cellphones aren't automatically on this plan, nor are VMs and the like.

Having a 2nd trustworthy router consumes extra energy, but maybe it's worth it. More than once my router made an update and silently disabled the pi-hole.

Having a fully configured spare pi-hole in a box also helps. Another time my pi-hole refused to boot after a power outage.

well, i completely agree. I'm the author of a couple of "how-to run ipcop / monowall in <hypervisor>" articles on broadbandreports. So of course, when i heard i can get real, honest to goodness, publicly routable ipv6 on starlink with a third party router, i set to making one in proxmox local, here. None of the "router distributions" worked correctly, if at all, and none of them that i tried had ipv6 settings anywhere.

So i went to best buy and bought 3 routers, and set each one up for 1 week. Turns out, you can get public routable ipv6 with a third party router, if the router supports ipv6.

I still see people mentioning opnsense and pfsense on here from time to time, and i wonder if i got the wrong - maybe outdated - iso images? I also tried doing it with freebsd and debian and couldn't figure it out, which is a bit depressing for me. I'll try again someday.

Everyone, European or not, should prefer anything but Cloudflare and Google if they feel that privacy has any value.

HN users might prefer to run their own. It's a low maintenance service. It's not like running a mail server.

I think that might be overestimating the technical prowess of HN readers on the whole. Sure, it doesn't require wizardry to set up e.g. Unbound as a catch-all DoT forwarder, but it's not the click'n'play most people require. It should be compared to just changing the system resolvers to dns0, Quad9 etc.

Running your own and being the sole user is the exact same thing as using a dns server (you need to obtain nameservers for any given domain which you have to contact a dns server for).

Except that your queries are spread out to different places instead of all being sent to a single server.

You ask .com resolver for domain.com's NS, and then you ask ns1.domain.com for foo.domain.com. Then you browse to wikipedia.org, and none of those DNS queries go to the same place as the previous site.

That's arguably worse since you are now in direct contact with the nameservers (which are usually managed by non privacy orientated providers).

One issue here is that you can be tracked easily.