Quad9

Quad9 provides DNS security via encrypted DNS queries, blocking malicous domains and botnets by default.

Install

 $ sudo add-apt-repository universe && sudo apt update 
 $ sudo apt install -y stubby resolvconf network-manager lynx
 $ sudo mv /etc/stubby/stubby.yml /etc/stubby/stubby.backup.yml && sudo wget -O /etc/stubby/stubby.yml https://support.quad9.net/hc/en-us/article_attachments/4411087149453/stubby.yml
 $ sudo systemctl enable --now resolvconf.service
 $ sudo su -c "echo 'nameserver 127.0.0.1' >> /etc/resolvconf/resolv.conf.d/head"
 $ sudo resolvconf -u
 $ sudo systemctl restart systemd-resolved.service && sudo systemctl restart network-manager 
 $ sudo service stubby restart
 $ sudo ufw allow out 853/tcp

Test

 $ lynx https://on.quad9.net/

References

 https://askubuntu.com/questions/1280277/how-to-change-dns-server-permanently-on-ubuntu-20-04
 https://support.quad9.net/hc/en-us/articles/4409217364237-DNS-over-TLS-Ubuntu-18-04-20-04-Stubby-
 https://www.techrepublic.com/article/how-to-use-dns-over-tls-on-ubuntu-linux/