Neither had I until recently
Turns out cloudflare 1.1.1.1 is already using ODOH and my unbound is setup to use cloudflare. I think. More investigation is needed.
https://blog.cloudflare.com/oblivious-dns/
I did something similar to this (github.com) on my pis. Except I don't use wireguard.
This DNS server works for Adguard Mobile https://odoh.cloudflare-dns.com/dns-query
I'd caution against using cloudflare servers. They are not friends to the republic, so to speak.
Unless you're setup to route to ODOH relays you aren't working within the security model.
Cloudflare may use ODOH on their end, but that may just mean they're sending to relay ervers (probably run by them) after receiving your request, which is not ODOH on your end.
far as I know unbound is a recursive dns server. so if it's hitting cloudflare servers then it's just a typical recursive dns request. Plus if all your dns requests are going to the same resolver (eg. cloudflare) then from what I understand it defeats the purpose of recursive dns as a privacy measure. This is beacuse cloudflare has the full list of all recursive requests, so it's trivial to put it all together.
Thanks again for the info. I'm going to do some more reading.
I'd caution against using cloudflare servers. They are not friends to the republic, so to speak.
I don't think there are any. I don't trust any of them. I just figure its better than nothing and it sure as hell is better than using google servers or the ones provided by my ISP. I used to use quad9, but it felt kind of slow and I've heard bad things about them too.
(post is archived)