Thank you for the information and your reply, sdayman. It seems our setup is very similar. Before making changes in my router, the router automatically handled dns. I changed that, by adding Cloudflare servers, turning on DNSSEC and dns rebind protection.
Prior to installing the cloudflare app, when testing rebind protection, a notice would pop up in my router log. I no longer get those notices, with the app running.
DNSSEC and rebind is definitely enabled in router. Why would that be? Does the app intercept those attempts?
Sorry for all these questions.