Glad to see yet another spirited discussion on security, privacy, dns, and, perhaps, exercises in futility.
I'm glad to see the DNSSEC option has been included in Merlin's 380 build.
In terms of the DNS, is this the only "security" option necessary for home-use internet traffic? Assuming that's a "no" or a dismissive response, what, if anything (else) could/should be used to attempt a best-case privacy AND security method?
I'm sure some of these questions have been answered somewhere else, some time ago; however, given the accelerating pace of technological developments (not strictly code), implementations, standards, etc. it would be useful to, at least provide a link to a up-to-date, long-term, reputable resource on this matter instead of simply advising people to "google".
Is it advisable, necessary, or even effective to install/implement `dnscrypt-proxy` for an additional security layer? I suppose this isn't a viable option, given its conflicting affect regarding privacy. Notwithstanding the obvious, yet often-misunderstood, differences between privacy and security, it has to be said that lacklustre privacy is DIRECTLY related to security, as it needlessly exposes people to numerous risks in various segments of their lives (financial, physical, emotional, etc.).
Finally, should the DNS-filtering service be enabled to protect against "malicious content"? It's somewhat disheartening that OpenDNS was acquired by cisco; though, I'm not sure to what end and how effective any dns-related services protect privacy and security.
NOTE: in terms of privacy, it's not the Government "3 letter agencies" that people are/should be concerned about; rather, it's the ever-expanding and -multiplying number of "big data"-intoxicated corporations that pose the greatest risk to security through the dismantling of privacy.
