Unbound cannot cache responses from its own integrated DoT. From my understanding, that is why people use Stubby alongside it, to benefit from its cache. Its traffic is clear text otherwise. But you are not using your ISP for DNS lookups; they have to sniff your traffic to find out what you are doing. Unbound has security measures that minimize how much of your information gets presented in those queries, and those queries contact root servers directly, making them hard to trace. No one server has your information stored.

Am I mistaken that my ISP can see what my DNS inquiries are when Unbound goes looking to auth servers in the case of a cache miss?
If not, I think I'd very much like to re-integrate DoT (having used Stubby before Unbound) as a privacy protection on my network.

Is there anyone here knowledgeable about DNS-over-TLS integration at the auth servers Unbound looks to?

Is it possible to set those servers that do support DoT as "preferred" in Unbound? Not Cloudflare or Google/Alphabet, the auth servers.

Also, if I'm setting myself up for potential network issues, I'd like to know about those as well, or whatever I'm missing, not taking into account, or not understanding... especially if there are other, better ways to accomplish what I hope to.