I have been using it and it does seem faster then openDNS

How can I check to see if this is working?

nslookup

Who cares if the time to resolve is 'fastest' when the resolved IP in the answer sends you to Ireland instead of San Jose for the actual content, if the site is on a CDN. The net-net is a huge performance penalty. If you care about true performance, do not use this crap. Some Apple App store downloads will go from minutes to hours, just for example. Cloudflare is not supporting EDNS0/ECS:


And in my personal opinion - Matthew Prince is a hack, a pinko-commie type who cannot be trusted. He is pro hacker/pro anarchy, in my opinion. Only until very recently, he was giving up the contact info of security researchers who reported malware - to the hackers who hosted it.

And in order to get the prestige IP 1.1.1.1 from APNIC, he had to agree to their 'research' deal and is giving up query data to them. That's China and North Korea if you aren't aware. He has the IP for 5 years, and if the commies don't like what he gives them, they take back the IPs. He says he wont give up your query logs, I don't believe him. I'd sooner believe Zuckerberg than this guy.

The lack of ECS support is a non-starter, regardless of what you think about the other stuff. I personally like fast internet, not slow internet.

Once T-DNS (EDNS+TLS) gets going Extended DNS will be default anyway. No lightweight way to encrypt UDP traffic without a tunnel management server on each end.

Well do let us know 'once it gets going'.

Thanks.

Code is already there, patches for Unbound plus proxies and server code.

It's still sitting in RFC, maybe it will go, maybe it won't, but it's much more elegant and efficient than DNSCrypt or any of the other tunnel hacks and its end to end.

Got any better solutions?

I stick with what works, I don't reinvent the wheel - that is for younger folks. I have seen stuff sit in RFC for 20 years and never see the light of day in the real world, so I'm not holding my breath on some wonderboy come lately idea. If it flies, it flies. If it doesn't, it has plenty of company on the shelf where RFC ideas go to die.

In the mean time, as in right now today - no way no how do I use some anycast DNS resolver that doesn't support ECS, no matter who offers it.

QUANTUMDNS and MORECOWBELL have proven unencrypted DNS is a liability. In that regard it is already broken and no-longer works.

Tunnels only get you privacy to the next hop, everything else is your *** hanging out in the open for all to profile.