Released in April 2018 by Cloudflare, 1.1.1.1 is a very attractive choice for resolving your DNS queries. It claims to be the fastest although it depends on your location. It gets top marks for privacy by holding logs for a max of 24 hour and it offers an encrypted link with TLS.
Here is how to use the encrypted TLS version of their service (on a Linux box)
Install Unbound
sudo apt-get install unbound
Configure Unbound
cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.original
cat > /etc/unbound.conf
server:
verbosity: 1
do-tcp: yes
do-udp:yes
interface:192.168.1.1
interface:127.0.0.1
num-threads: 1
root-hints:/etc/unbound/root.hints
outgoing-port-permit: 32768-60999
outgoing-port-avoid: 0-32767
log-time-ascii: yes
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
username: "unbound"
forward-zone:
name: "."
forward-addr:1.1.1.1@853
forward-ssl-upstream: yes
Start Unbound
sudo systemctl start unbound
echo "nameserver 127.0.0.1" >/etc/resolv.conf
Test Unbound
[root@desktop ~]# dig example.com
; <<>> DiG 9.11.2-P1-RedHat-9.11.2-1.P1.fc27 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32326
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 3468 IN A 93.184.216.34
;; Query time: 0 msec
;; SERVER: 127.0.53.53#53(127.0.0.1)
;; WHEN: Tue Apr 03 22:38:37 NZST 2018
;; MSG SIZE rcvd: 56
Notice the query time of 0, because I queried it earlier, it got cached. The first query took about 150ms because TLS adds overhead