For years my home DNS just pointed at whatever resolver my ISP handed out, or at one of the public ones when I felt clever. Both work fine until they do not, and "until they do not" tends to arrive at the worst possible moment, with everyone in the house deciding the internet is broken when it is only DNS.
So I now run my own recursive resolver. Not a forwarder that asks someone else and caches the answer, but a proper recursive resolver that talks to the root servers and walks the tree itself. The tool is Unbound, it runs in a tiny container, and the whole thing is about a dozen lines of config.
why bother
Three reasons, none of them about speed, because honestly the speed difference is marginal once the cache warms up.
First, privacy. The queries for every domain I visit no longer all go to a single third party that can build a rather complete picture of my browsing. Unbound asks the authoritative servers directly, query by query, and nobody sees the whole stream.
Second, control. When I am testing something I can override a record locally, point a hostname wherever I like, and not wait on TTLs from someone else's zone. Split-horizon DNS for internal services is trivial.
Third, it does not depend on a service that can have a bad day. Public resolvers are excellent, but they are also a single dependency for the entire household, and I would rather own that failure than rent it.
the config that matters
The defaults are sensible, so the config is mostly about turning on the good bits:
server:
    interface: 0.0.0.0
    access-control: 192.168.0.0/16 allow
    do-not-query-localhost: no
    prefetch: yes
    prefetch-key: yes
    qname-minimisation: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    cache-min-ttl: 300
    cache-max-ttl: 86400
qname-minimisation is the privacy one: it only sends each authoritative server the part of the name it actually needs to answer, rather than handing the root servers your full hostname for no reason. prefetch quietly refreshes popular records before they expire, so the cache rarely goes cold on the names you actually use. DNSSEC validation is on, so I get a small but real guarantee that answers have not been tampered with in flight.
Point everything at it, set a sane fallback in case the box reboots, and that is essentially it. It has been running for a couple of months now and I have stopped thinking about DNS, which is the highest praise I can give any piece of infrastructure. The only time I notice it is when I deliberately go and look at the query log, and watching the recursion happen in real time is oddly satisfying. It turns out DNS is a lovely bit of distributed systems design once you stop outsourcing it.