If you run all those DNS servers you have listed then it defeats using QUAD9. If you are going to use QUAD9 you need to only use QUAD9, otherwise the other DNS servers will resolve the bad names. I should say any filtering DNS is defeated if you use a non-filtering DNS server also. Focus on the DNS server you choose; don't list a lot of DNS servers like in the old days.

@coxhaus Quad 9 doesn't seem to have as much latency as it once had when I last tried it a while back. Cloudflare is still faster, but not enough for me to notice.
You can try the combination of redirecting all DNS queries on port 53 on the firewall and additionally using pfblockerng with DNSBL & IP DoH blocklists plus the DoH/DoT block option under "DNSBL Safe Search". Then users on your network "for the most part" should be forced to go through unbound on the firewall. That's the way I do it.
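A way to verify the port-53 redirect described in the post above actually catches LAN clients, as an added example that is not part of the thread or of pfBlockerNG: query a name that unbound sinkholes via DNSBL once from the firewall and once from an outside resolver. If the outside resolver "answers" with the sinkhole address too, the packet never left the LAN. The firewall address, the external resolver, the sinkhole IP (pfBlockerNG's default DNSBL VIP is assumed to be 10.10.10.1) and the test name are all assumptions, not values from the post.

```python
"""Added example (not from the thread): check whether a firewall's port-53
redirect is really catching LAN clients' DNS queries.

Ask a name the firewall's unbound sinkholes via pfBlockerNG DNSBL, once from
the firewall and once from an outside resolver. If the outside resolver also
hands back the sinkhole address, the query never left the LAN.
All addresses and the test name below are assumptions, not values from the post.
"""
import random
import socket
import struct

FIREWALL_RESOLVER = "192.168.1.1"   # assumed LAN address of the pfSense box
EXTERNAL_RESOLVER = "8.8.8.8"       # any public resolver the redirect should catch
SINKHOLE_IP = "10.10.10.1"          # assumed: pfBlockerNG's default DNSBL VIP
TEST_NAME = "blocked.example"       # assumed: a name present on a DNSBL feed


def build_query(name, qid):
    """Minimal DNS wire-format A query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + ln


def parse_a_records(msg, qid):
    """Return (rcode, [A record IPs]) from a DNS response; reject stray IDs."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != qid:
        raise ValueError("response transaction id does not match query")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, ips


def query_a(name, resolver, timeout=2.0):
    """Send one UDP query to resolver:53 and parse the reply (needs network)."""
    qid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, qid)


def classify(firewall_ips, external_ips, sinkhole=SINKHOLE_IP):
    """Verdict on the redirect, given both answer sets for a DNSBL-listed name."""
    if sinkhole not in firewall_ips:
        return "inconclusive"   # firewall itself did not sinkhole it; fix DNSBL first
    if sinkhole in external_ips:
        return "redirected"     # "external" answer came from unbound: rdr rule works
    return "bypass"             # real records came back: port 53 is leaking out


if __name__ == "__main__":
    try:
        _, fw = query_a(TEST_NAME, FIREWALL_RESOLVER)
        _, ext = query_a(TEST_NAME, EXTERNAL_RESOLVER)
        print(f"firewall={fw} external={ext} -> {classify(fw, ext)}")
    except OSError as exc:
        print(f"query failed: {exc}")
```

Run it from a LAN client, not from the firewall itself. It only exercises UDP/53, which is what the NAT redirect covers; DoH on 443 and DoT on 853 are what the pfBlockerNG DoH/DoT blocklists are for, and a browser with its own DoH resolver configured will still get past a port-53 rule unless those are in place too.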
The caching is so much better now and longer lasting that I don't think you need all those DNS servers like in the old days.