Is there a clear readme on dnschain somewhere? I looked at the github repo, but still don't quite get what actual benefits it brings over running one's own dns server? Using the public server obviously still leaks metadata (who looks up what when) - not that such metadata isn't rather obvious anyway by observing traffic between ips. How is it any better than cacert? Because you pin the trust to your own ca? What stops you from doing that now (how is the trust different with dnschain?).