Not sure you would even need encryption. Surely It can't be illegal to ask the root servers (and all the other DNS servers involved, because the root servers only have IPs for TLD DNS servers) for IPs
Cisco operates from the ISP side, they'll poison DNS through their routers. And you should be aware that your ISP will employ Deep Packet Inspection which can also be done with Cisco routers. That means they can intercept internet traffic, especially if your internet connection is not encrypted.
ATM I'm using Quad9 and OpenNIC but I'm not sure how much of everything do they cover. I'm also not well aware of any other good "flat DNS" alternative (aka: one you can put right into your /etc/resolv.conf / Windows LAN config, without need of extra internal service).
DNS is when your browser asks where to find a website. You enter Lemmy.One in your browser, and your browser asks the DNS resolver the address of the computer the website is hosted on.
Most people will use their internet company's DNS, and it sounds like France ordered these companies to block some illegal streaming sites by having the DNS server point to a page saying it's blocked instead of to the website server.
More technical users changed their settings to get DNS from google, Cloudflare, etc instead of the internet company, so now France is going to make those companies block the sites too.
ELI5: France is lying to your computer when it asks where to find the websites
unbound is a software that you can run anywhere to have a caching dns. opennic is a project of dns servers you can connect to to resolve dns records (think in google dns servers but run by the community). two different problem spaces. you can even use both at the same time
