1895 points _l4jh | 19 comments
1. ComputerGuru ◴[] No.16728122[source]
This is bad, bad, bad advice. You don't set the DNS on your local machine. That breaks things. The DNS needs to be set at the gateway. If you change your PC/mac's DNS to an external service, you won't be able to resolve any addresses on the local network.

Come on, CloudFlare. You guys know better than that. Please stop breaking the (local) internet.

replies(10): >>16728139 #>>16728143 #>>16728144 #>>16728148 #>>16728152 #>>16728177 #>>16728193 #>>16729378 #>>16729789 #>>16731793 #
2. lorenzhs ◴[] No.16728139[source]
Ordinary users don't have anything that resolves to local IPs, so this is a non-issue for just about anybody. Plus, many if not most ISP-provided modem-router-AP-boxes don't let you configure the DNS server they use, making your recommendation impossible to follow for most users. Someone who runs services on their local network likely knows enough to do as you say, but for 99% of people, these instructions are exactly what they need.
replies(2): >>16728331 #>>16729075 #
3. EastSmith ◴[] No.16728143[source]
I have a couple machines in a local network and never cared about them being discoverable / sharing between.
4. twic ◴[] No.16728144[source]
This is useful for use cases for which that doesn't matter. Using your computer or devices at home, on your own wifi, where there is no need to resolve local addresses. Or on public wifi, such as in a café, where there is no need to resolve local addresses, and you don't control the gateway.
5. danellis ◴[] No.16728148[source]
How many people have local DNS at home? Not many, I'd wager. How many know how to access their router? Also not many.

Besides, "In your router’s configuration page, locate the DNS server settings."

replies(2): >>16728235 #>>16732787 #
6. ◴[] No.16728152[source]
7. wpietri ◴[] No.16728177[source]
Perhaps you missed the sections near the top titled "DNS's Privacy Problem" and "DNS's Censorship Problem" which explain why not everybody can trust their network operator?
8. ◴[] No.16728193[source]
9. icedchai ◴[] No.16728235[source]
I've been running my own DNS servers since 1996, when I had my first dedicated connection (an ISDN line.) I never use my ISP's DNS.
replies(1): >>16738751 #
10. Spooky23 ◴[] No.16728331[source]
Most people own printers and other devices that use local DNS.

Don’t presume that joe public is a simpleton. Millions of people are not.

replies(1): >>16729830 #
11. future31 ◴[] No.16729075[source]
This is bad. To run your own local DNS server is a part of good parenting. So, to break local services is very bad for us responsible parents, to say the least. I block all outbound DNS lookup except to my ISP. Sometimes I redirect lookups to other resolvers (e.g. 8.8.8.8) to my local DNS server. I don’t care if some app breaks because of this. Often it’s because of bad programming. So, don’t break local DNS!
12. ReverseCold ◴[] No.16729378[source]
> If you change your PC/mac's DNS to an external service, you won't be able to resolve any addresses on the local network.

What does this mean? I have 8.8.8.8/8.8.4.4 set and they work fine for resolving things on my local network?

I can even connect to things with avahi like `xxyyzz.local`.

13. creatonez ◴[] No.16729789[source]
Why not just use avahi-daemon?
14. lorenzhs ◴[] No.16729830{3}[source]
Zeroconf (Avahi/Bonjour) takes care of making that wireless printer work regardless of which DNS server you’re using.

I’m not insinuating that “joe public” is dumb. He just doesn’t need to care about DNS on his local network, there’s software that handles it for him.

replies(1): >>16730516 #
15. wpietri ◴[] No.16730516{4}[source]
Yes! People are smart enough to handle most things. But they don't have time or attention to handle all the things. When we're making technology for users, we should do our best to make sure they only have to learn about the things that are important to them.
16. twr ◴[] No.16731793[source]
Unbound lets you forward queries to nameservers matched by the query (sub-)domain.

*.internal queries can be sent to the local nameserver, for example, while others can be forwarded to the public nameserver.

Minimal unbound.conf example:

    forward-zone:
        name: "."
        forward-addr: 1.1.1.1
    forward-zone:
        name: "internal"
        forward-addr: 10.0.0.1

Unbound also supports DNS-over-TLS, although stubby's implementation is much better. It's usually ideal to forward to a local stubby instance instead.
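Added example, not part of the comment above or of the Unbound project's own documentation: the same split forwarding with the server settings that usually have to accompany it. The `internal` zone and 10.0.0.1 come from the comment; the listening address, the CA bundle path and the choice of a direct DNS-over-TLS upstream are assumptions.

```conf
server:
    # Assumption: the resolver serves only this host.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow

    # "internal" has no signed delegation from the root, so a validating
    # resolver would treat answers from 10.0.0.1 as bogus without this.
    domain-insecure: "internal"

    # DNS rebinding protection: strip RFC 1918 addresses from answers,
    # except for names under the local zone.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-domain: "internal"

    # CA bundle used to authenticate the upstream certificate.
    # Assumption: Debian-style path; adjust for the local system.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Local names stay on the LAN and never reach the public resolver.
forward-zone:
    name: "internal."
    forward-addr: 10.0.0.1

# Everything else goes upstream over TLS. The name after '#' is checked
# against the server certificate; without it the connection is encrypted
# but the upstream is not authenticated.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
```

Run `unbound-checkconf` on the file before reloading. Queries for names outside `internal` that are used locally (for example a bare hostname with a search domain appended) still go to the upstream, so the local zone name has to cover everything that should stay private.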
17. azureel ◴[] No.16732787[source]
Here in Hacker News: Many.
replies(1): >>16738738 #
18. danellis ◴[] No.16738738{3}[source]
Exactly. HN is a bubble, and I think people forget they don't represent the average consumer.
19. danellis ◴[] No.16738751{3}[source]
You're not typical of the average consumer, though. Don't forget that HN is a particularly technical crowd, so you can't use it to judge how technically competent Internet users are.