Released in April 2018 by Cloudflare, 22.214.171.124 is a very attractive choice for resolving your DNS queries. It claims to be the fastest although it depends on your location. It gets top marks for privacy by holding logs for a max of 24 hour and it offers an encrypted link with TLS.
Here is how to use the encrypted TLS version of their service (on a Linux box)
sudo apt-get install unbound
cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original cat > /etc/unbound.conf server: verbosity: 1 do-tcp: yes do-udp:yes interface:192.168.1.1 interface:127.0.0.1 num-threads: 1 root-hints:/etc/unbound/root.hints outgoing-port-permit: 32768-60999 outgoing-port-avoid: 0-32767 log-time-ascii: yes access-control: 127.0.0.0/8 allow access-control: 192.168.1.0/24 allow username: "unbound" forward-zone: name: "." forward-addr:126.96.36.199@853 forward-ssl-upstream: yes
sudo systemctl start unbound echo "nameserver 127.0.0.1" >/etc/resolv.conf
[root@desktop ~]# dig example.com ; <<>> DiG 9.11.2-P1-RedHat-9.11.2-1.P1.fc27 <<>> example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32326 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 3468 IN A 188.8.131.52 ;; Query time: 0 msec ;; SERVER: 127.0.53.53#53(127.0.0.1) ;; WHEN: Tue Apr 03 22:38:37 NZST 2018 ;; MSG SIZE rcvd: 56
Notice the query time of 0, because I queried it earlier, it got cached. The first query took about 150ms because TLS adds overhead