Hi all,
I have the impression that DNS questions should get more attention than
the often attract, with the purpose of caching, anonymity, censorship
prvention & securing against DNS manipulation. Let me start my question
with a citation, that -at the end- is not that surprising:
"more than two-thirds of the encrypted DNS resolvers manipulate at least
one domain’s DNS response, showing that the DNS manipulation in the
encrypted DNS is even more prevalent than that in the traditional DNS,
where only 11% of the resolvers have been identified to manipulate DNS
responses."
source:
https://digitalcommons.odu.edu/cgi/viewcontent.cgi?article=1195&context=computerscience_fac_pubs
Somehow, people who feel that their traffic should be anonymous are
surveilled / manipulated with higher energy 
Of course you may answer
to use TOR at all times, but at the end of the day, that does not work
-- many sites either block or limit TOR traffic, etc.
And I ignore if TOR does use "cross checking requests" to detect
manipulation? The question of " best practice " seems non-trivial to me.
Setting up a DNS qube seems a good idea as such, but what kind of
software can trustworthily be run on such a qube??
Thank you for any helpful comment, Bernhard