Proper DNS setup for a Linux client

Hi community

I am using Arch Linux and would like to set up my computer to resolve anything through Cloudflare in the most secure way. I am using NetworkManager, resolvconf and unbound. NetworkManager has no global DNS setting, so I configured resolvconf to always use the local host as DNS, where unbound is listening for requests. This should totally ignore the DNS settings I am getting from DHCP servers.

My unbound forward zone config is:

forward-zone:
  name: "."
  forward-tls-upstream: yes
  ## Cloudflare DNS
  forward-addr: [email protected]
  forward-addr: [email protected]
  ## IPv6 Cloudflare DNS over TLS
  forward-addr: 2606:4700:4700::[email protected]
  forward-addr: 2606:4700:4700::[email protected]

Everything seems to work. I can see with tcpdump that DNS requests are encrypted and go to Cloudflare servers, even though NetworkManager tells me something else.

However, 1.1.1.1/help tells me I am neither connected to 1.1.1.1 nor using DoH/DoT/WARP. What is this check actually doing? How can I make sure my setup is proper?

Any more recommendations?

https://1.1.1.1/help#eyJpc0NmIjoiTm8iLCJpc0RvdCI6Ik5vIiwiaXNEb2giOiJObyIsInJlc29sdmVySXAtMS4xLjEuMSI6IlllcyIsInJlc29sdmVySXAtMS4wLjAuMSI6IlllcyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjExMTEiOiJObyIsInJlc29sdmVySXAtMjYwNjo0NzAwOjQ3MDA6OjEwMDEiOiJObyIsImRhdGFjZW50ZXJMb2NhdGlvbiI6IkJPRyIsImlzV2FycCI6Ik5vIiwiaXNwTmFtZSI6IkNsb3VkZmxhcmUiLCJpc3BBc24iOiIxMzMzNSJ9

No one? :frowning:
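Two local checks for the setup described in the question, as an added example that is not part of the original post: confirm that the generated resolv.conf lists only loopback nameservers (so DHCP-supplied resolvers are really ignored), and decode the base64 JSON that a 1.1.1.1/help share link carries after the `#`. The function names, the sample resolv.conf and the sample link are constructed for illustration.

```python
import base64
import ipaddress
import json

def non_loopback_nameservers(resolv_conf_text):
    """Return nameserver entries that do not point at the local resolver."""
    leaks = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.strip().split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id if present
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                leaks.append(fields[1])
        except ValueError:
            leaks.append(fields[1])  # unparsable entry: report it too
    return leaks

def decode_help_fragment(url):
    """Decode the base64 JSON carried after '#' in a 1.1.1.1/help share link."""
    fragment = url.split("#", 1)[1]
    fragment += "=" * (-len(fragment) % 4)  # restore stripped padding
    return json.loads(base64.b64decode(fragment))

# Constructed sample: the third entry is a DHCP-supplied resolver that should not be there.
SAMPLE_RESOLV_CONF = """\
# Generated by resolvconf
nameserver 127.0.0.1
nameserver ::1
nameserver 192.168.1.1
options edns0
"""

# Constructed sample link, built here rather than copied from the post.
_sample = json.dumps({"isDot": "No", "isDoh": "No", "ispAsn": "13335"})
SAMPLE_LINK = "https://1.1.1.1/help#" + base64.b64encode(_sample.encode()).decode().rstrip("=")

if __name__ == "__main__":
    print("non-loopback nameservers:", non_loopback_nameservers(SAMPLE_RESOLV_CONF))
    for key, value in decode_help_fragment(SAMPLE_LINK).items():
        print(f"{key}: {value}")
```

On a real machine, pass the contents of /etc/resolv.conf to the first function and the copied share link to the second.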