> My recommendation for DNS - on servers - would be to install unbound locally and use that
And now your developers are running around and cursing you because nothing works anymore.
Because Docker silently retargets the internal Docker resolver to 8.8.8.8 if it sees 127.0.0.1 as a resolver address on the host.
Because people who wrote Docker have no fucking clue how the system works.
NB: see https://news.ycombinator.com/item?id=47441785 to solve the Docker issue with a local resolver.
> It's not great for clients since it doesn't deal well with frequently changing network connectivity
This is something Linux-specific I guess; I have run Unbound locally on my Windows laptops for years and never had a problem which would require an Unbound restart.
> which implies flushing all cached data
It doesn't really matter in 2026. Just look in your cache and note the default TTLs for like 90% of records.
Some Docker issues archaeology says that there was tension between the Docker team and Red Hat / systemd.