dns.cmrg.net
------------

This is an open DNS resolver, offering only DNS-over-TLS (RFC 7858).

    hostname: dns.cmrg.net
IPv4 address: 199.58.81.218
IPv6 address: 2001:470:1c:76d::53
    TCP port: 853 or 443 or 53053
    OOB Pins: 3IOHSS48KOc/zlkKGtI46a9TY9PPKDVGhE3W2ZS4JZo=
              5zFN3smRPuHIlM/8L+hANt99LW26T97RFHqHv90awjo=

--------------

To use this on a Debian system using stretch-backports or later, you
can set up a local forwarding stub resolver with:


apt install knot-resolver ca-certificates
cat >> /etc/knot-resolver/kresd.conf <<EOF
policy.add(policy.all(policy.TLS_FORWARD({
 {'199.58.81.218', hostname='dns.cmrg.net', ca_file='/etc/ssl/certs/ca-certificates.crt'},
 {'2001:470:1c:76d::53', hostname='dns.cmrg.net', ca_file='/etc/ssl/certs/ca-certificates.crt'},
})))
EOF


And then just ensure that /etc/resolv.conf points to:

nameserver 127.0.0.1