If it’s such a reasonable default, why don’t any of the public resolvers (e.g.
1.1.1.1, 8.8.8.8, 9.9.9.9, etc.) do so?
Oh my, you walked right into that one.
https://www.quad9.net/service/threat-blocking/
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
I'm also surprised nobody seems familiar with Vixie's Response Policy
Zones, a widely supported way to put DNS filtering rules into your own DNS
cache.
https://www.first.org/resources/papers/aa-dec2021/Protective-DNS-a-Boris-Slides.pdf
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly