by re5i5tor 995 days ago
Switched off 1.1.1.1 for that reason a while back. Currently using OpenDNS which is now unfortunately owned by Cisco. Definitely a lack of actually open alternatives.
6 comments

Running your own resolver that points directly to root servers is also an option. https://nlnetlabs.nl/projects/unbound/about/

It isn't too complicated to set up and provides faster responses than external DNS servers, especially after the cache gets built up a bit.

Not too complicated is an understatement. It's literally zero configuration unless you want to do something special.
Indeed, this is my preferred solution too. Unfortunately this doesn’t protect one from snooping by network intermediaries, although that’s much less of an issue in the EU due to privacy regulations. At least in principle, but it’s hard to be sure.
Run your own resolver on a vpc (perhaps in a different country, pay with Bitcoin, adjust to your level of concern) and WireGuard to it (perhaps WireGuard over a service like Mullvad).
DNS latency sucks.
Thanks for this, really interesting.
Quad9 seems decent. They're certainly not as shitty as Cloudflare or Cisco.
I used to use OpenDNS, but then out of nowhere they decided to enable parental control by default[1] and without an account I don’t think I could disable it.

[1]: Maybe only in EU?

208.67.222.222 / 208.67.220.220 do not have the functionality worldwide. The IPs ending in .123 do have parental control enabled worldwide.
A Pi-hole will do what you want with a ton of control added.
I run Pi-hole. How does it solve upstream DNS provider troubles; it still needs / uses them? I'll admit there's a lot of Pi-hole config I have not explored.
It's not open, but I'm happy with https://nextdns.io/
It works again, so you can go back to 1.1.1.1.
Thank you, switched back and so far archive.* seems to be working on 1.1.1.1.