Fwd: Re: DNS versus NAT ?

John Levine johnl at taugh.com
Sat Jun 15 15:46:00 UTC 2019


In article <8edb08ac-5f86-04b7-7b7e-8bf1eb25386c at gmail.com> you write:
>You may not need a "cloudish sort of place." It really depends on your user 
>count. A residence or small business doesn't generate that many "new" 
>domain queries in 24 hours.

I'm pretty sure that when Ron said 64K outstanding queries, he meant
it.  It's not just family members looking at Facebook.

>The "cloudish" option can also be DNS-over-TLS to cloudflare 1.1.1.1 or 
>quad9 9.9.9.9. Then Unbound merely forwards the full query and these 
>providers do all the heavy lifting. These services appear to have 
>reasonable privacy policies at least worth reading. With TLS, your ISP 
>cannot mingle some "extra information" into your DNS responses.

That's not a bad idea, if the performance is adequate and it can deal
with all those intermingled queries on a few DoT connections.

R's,
John
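
[Added example, not part of the original message or of the Unbound project's documentation: an unbound.conf fragment for the DNS-over-TLS forwarding setup discussed above. The CA bundle path is an assumption and varies by operating system.]

```conf
# unbound.conf fragment (added example; not from the thread).
server:
    # CA bundle used to validate the upstream resolver's certificate.
    # Assumed path (Debian/Ubuntu location); adjust for your OS.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    # Forward every query, as described in the quoted message.
    name: "."

    # Use TLS to the forwarders instead of cleartext DNS on port 53.
    forward-tls-upstream: yes

    # If the forwarders are unreachable, fail rather than fall back to
    # direct (cleartext) recursion to authoritative servers.
    forward-first: no

    # Format is addr@port#auth-name. The name after '#' is matched
    # against the server certificate, which must chain to tls-cert-bundle.
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net

    # Weak form to avoid: leaving out '#auth-name' accepts any
    # certificate name, so an on-path party with some valid certificate
    # could still answer in place of the intended resolver.
    #   forward-addr: 1.1.1.1@853
```

Running unbound-checkconf on the file catches syntax errors before a reload; it does not test whether the upstream handshake succeeds.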





