We have a very strict policy against logging, tracking or any form of censorship. You can read more about our ethos, here.
All server endpoints support DNS over HTTPS (port 443) and DNS over TLS (port 853). We support both TLS 1.2 and TLS 1.3 protocols.
Our DNS resolvers are pre-fetched and cached with Alexa's top million most visited websites including static resources (like CDNs). We've also optimized the root servers in each location to better decrease latency for DNSSEC validation.
We do NOT utilize government or government subsidized root servers for DNSSEC validation. We also apply QNAME minimization and aggressive NSEC to further increase privacy.