Is it better to use my ISP DNS server or a public one like Cloudflare? I’ve noticed that my ISP DNS servers are slightly faster according to ping tests, but they fail the DNSSEC signature test, while Cloudflare and Google DNS pass all signature tests using DNSSEC standards. The difference in speed isn’t really noticeable, but I’m wondering about security and privacy.
I’d avoid your ISP DNS for almost any other option. I’ve had multiple ISPs that redirect unregistered domains to their own site or search pages, and/or marketing pages, or decide that some sites or content should be limited for no real reason.
At least the big public ones (Cloudflare, Google, Quad9, etc.) have less reason to misdirect your results.
I now run my own DNS resolver, which also can cache results on my LAN for improved speed, and then query upstream to Cloudflare 1.1.1.1 or Google 8.8.8.8 as needed. I’ve been quite happy with that.
I use Quad9, but I’m going to do my own DNS soon.
I run pfSense, which has unbound built in, which I forward to NextDNS for ad blocking/malware; also their server(s) are relatively close, so I get under 20ms.
For a couple of other homes I manage, I have unbound installed on the two Raspberry Pis that host the controllers at their homes and just forward to NextDNS under their own profile. One user uses the NextDNS CLI client, but I plan to move them to unbound the next time I am here.
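The setup described in the two posts above (a local unbound resolver that caches for the LAN, validates DNSSEC itself, and forwards to a public upstream) looks roughly like the configuration below. This is an added example, not any poster’s actual config: the LAN range 192.168.1.0/24, the trust-anchor path, and the CA bundle path are assumptions and should be adjusted to the host (the Debian/Ubuntu paths are used here). Validation is done locally, so an upstream that strips or fails DNSSEC signatures (as the original question reports for the ISP resolver) will produce SERVFAIL instead of a bogus answer, and forwarding over DNS-over-TLS on port 853 with the upstream’s hostname pinned keeps the ISP from reading or rewriting queries in transit.

```conf
# /etc/unbound/unbound.conf.d/lan-forwarder.conf (added example; paths and LAN range are assumptions)
server:
    # Listen on the LAN-facing interface and loopback only
    interface: 0.0.0.0
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # Only answer clients on the local network (assumed 192.168.1.0/24)
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Validate DNSSEC locally instead of trusting the upstream's AD bit.
    # root.key is maintained by unbound-anchor on Debian/Ubuntu (assumed path).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-referral-path: yes

    # Leak less of each query name to intermediaries
    qname-minimisation: yes

    # Cache behaviour for the LAN: refresh popular names before they expire
    prefetch: yes
    prefetch-key: yes
    cache-max-ttl: 86400

    # CA bundle used to verify the upstream's TLS certificate (assumed path)
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Forward everything to public resolvers over DNS-over-TLS (port 853),
# with the certificate name pinned after '#'. Swap in NextDNS or OpenDNS
# endpoints here if that is the chosen upstream.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

After `unbound-checkconf` passes and the service is restarted, a query such as `dig @127.0.0.1 +dnssec cloudflare.com` should return the `ad` flag in the header, and a deliberately mis-signed test domain should return SERVFAIL rather than an answer; that is the same signature test the original question ran against the ISP resolver, now performed by the local resolver regardless of which upstream is behind it.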
Use Quad9 for DNS: 9.9.9.9
ISP is always the fastest DNS. It is your local network for internet.
I use Pi-hole resolving to OpenDNS with Cloudflare as a secondary. I like the combined blocking impact of Pi-hole and OpenDNS.
I pay for NextDNS. I could run Pi-hole or something free, but it is worth the price for convenience.