The existing dnsovertls*.sinodun.com servers were only expected to be used on a short-term proof of concept basis and so those servers will need to be retired later this year. The 0.4.0 release of stubby will make no change to the default server list, but will announce the intention to change it in the 0.5.0 release.

The existing default servers are all unicast and all based in Europe. Since many anycast public DoT resolvers with good privacy polices are now available, the getdns/stubby developers are discussing options for the future content of the default servers. That includes:

1. Retaining just the getdnsapi.net server as the default and more strongly encouraging users to make their own decision about what servers to use

2. Switching to just use a public resolver

There are several candidates for a public resolver but two under consideration are:

• Using Quad9 (9.9.9.9). This is an anycast service with a large footprint, with an strong privacy policy, but this address does minimally filter responses on purely security grounds: https://quad9.net/ (Their 9.9.9.10 address does not filter, but does not do DNSSEC)
• Using Adguard's 'unfiltered' service (dns-unfiltered.adguard.com). This is an anycast service, with strong privacy policy.

If users have comments or experience of these or other resolvers, please add them to this issue.