I think I will chose 220.127.116.11
Is DNSSEC and DNS over TLS set by default?
Do I just have to change the IP address in the unbound config file?
Does DNS over TLS doesn’t need a key or something within the config?
Good, major providers are typically more fault-tolerant.
Yep, for Cloudflare.
The server certificate should be verified using the
ca-bundle package and the option
tls_index in the unbound config that you should specify according to the link above.
I think I got it...
What does Encrypted SNI mean? Is this relevant for a privat person?
If I get it right the only thing that is visible is, that I am making TLS requests to 18.104.22.168, right?
ESNI/ECH is a separate feature related to HTTP/HTTPS protocols with its own security implications:
Its support relies on the web server and client browser, so it's unrelated to OpenWrt.
Okay. Thank you very much!
Everything works now as excepted!
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.