Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, and have all that traffic leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.
For my threat model (and probably most everyone’s), using Cloudflare’s encrypted DNS is good enough for me.
Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, and have all that traffic leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.
For my threat model (and probably most everyone’s), using Cloudflare’s encrypted DNS is good enough for me.