Unbound is a a very secure non-authoritative, validating, recursive, caching DNS resolver, with support for DNSSEC validation.
It is designed to be fast and lean and incorporates modern features based on open standards.
It is written with a high security focus!
Unbound is not as feature rich as Bind, but it is easy to configure and quick to set up.
Unbound communicates directly with the root servers on the internet and the other authoritative domain name servers, so does not use Cloudflare, Google or any of the others. The DNS traffic is not encrypted but it is authenticated for validity.
Configure Encrypted DNS with Caching
Configure Unbound as a simple forwarding DNS server
Selectively override DNS records