by LinuxBender
441 days ago
I wholeheartedly disagree. Same. There are plenty of example configurations for less technical people to stand up their own server. As a bonus they can learn from it with time and also help family members block some malicious sites. My Unbound daemon talks to the root servers. I keep some DoT I also run on standby and various VPS and rental server providers just in case. Having my own daemon I can log to a ramdisk all the responses and see when apps are doing something dodgy. Despite popular belief here on HN it is trivial to block all the DoH servers despite being on HTTPS 443. Another perk of running my own server is I have full control over caching and blocking of domains. For most sites my response time is sub 0ms. Sending all the DNS traffic to the big corporate capture servers is bonkers in my view. That allows both the ISP via SNI and the big government created sites to capture everything. ECH support is still very limited outside of Cloudflare. People claim that ISPs tamper with DNS but very few do in first world countries. I empathize with the people that have crap ISPs but mine will behave properly. I also only use IPv4 on my ISP. Even on VPS and rental servers the only role I also use IPv6 is my public authoritative DNS servers. Web and others are just IPv4. It's much easier to block bots having to only deal with one version. For completeness' sake I should also add that Unbound has options to mimic the BIND 8, BIND 9 or Unbound prefetch and retry algorithms.
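An added example, not the commenter's own configuration: a minimal `unbound.conf` sketch of the setup described above (recursion from the root servers, reply logging to a ramdisk, local caching control and domain blocking). The file paths, TTL values and blocked names are assumptions; `/run` is assumed to be a tmpfs mount.

```conf
# Constructed example; adjust paths and names for your system.
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    do-ip6: no                          # IPv4 only, as in the comment

    # No forward-zone is defined, so Unbound recurses from the roots itself.
    root-hints: "/etc/unbound/root.hints"

    # Log every query and reply to a file on a ramdisk (tmpfs).
    chroot: ""                          # so the logfile path is not chroot-relative
    use-syslog: no
    logfile: "/run/unbound/unbound.log"
    log-queries: yes
    log-replies: yes

    # Caching is under local control.
    prefetch: yes                       # refresh popular entries before they expire
    cache-min-ttl: 60                   # assumed values
    cache-max-ttl: 86400

    # Name-based blocking: answer NXDOMAIN for the zone and everything below it.
    local-zone: "malicious.example." always_nxdomain      # placeholder name
    local-zone: "doh-resolver.example." always_nxdomain   # placeholder DoH hostname
    # Firefox's canary domain: NXDOMAIN here tells Firefox not to turn on
    # DoH by default (it does not override DoH a user enabled manually).
    local-zone: "use-application-dns.net." always_nxdomain
```

Check the file with `unbound-checkconf` before restarting the daemon; name-based blocking only affects clients that resolve through this server.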