All DNS servers will expose the source IP's internet name request unless they explicitly do not log or have not configured logging, which is irresponsible if one wants to know how their server is used, for stability reasons. A server administrator or operator cannot prevent a distributed denial of service attack effectively if they do not log and expose the source IP of the name request. It's very difficult to pinpoint a DDoS attack from other log sources, such as hardware firewall logs, as many attacks span multiple IP ranges while keeping the total sessions per IP down, effectively cloaking themselves among other legitimate DNS internet requests. The only way to mitigate an attack is to see the log of the name request itself so it can be nipped in the bud.
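The point in the post above, that a flood spread over many source ranges stays under per-IP thresholds but stands out in the query log, shown as an added example that is not part of the original post. The log format, thresholds, the two-label zone grouping and all sample data are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed log format (assumption, not any real server's layout):
#   <epoch_seconds> <client_ip> <qname> <qtype>
def parse(line):
    ts, ip, qname, qtype = line.split()
    return int(ts), ip, qname.lower().rstrip("."), qtype

def zone_of(qname):
    # Crude grouping key for the example: the last two labels of the name.
    return ".".join(qname.split(".")[-2:])

def noisy_clients(lines, window=60, per_ip_limit=20):
    """Per-source view: clients over the limit in any window."""
    counts = Counter()
    for ts, ip, _, _ in map(parse, lines):
        counts[(ts - ts % window, ip)] += 1
    return {ip for (_, ip), n in counts.items() if n > per_ip_limit}

def distributed_floods(lines, window=60, per_ip_limit=20, zone_limit=200, min_sources=50):
    """Per-name view: windows where one zone draws many queries from many
    sources while every individual source stays under per_ip_limit."""
    buckets = defaultdict(Counter)  # (window_start, zone) -> queries per client
    for ts, ip, qname, _ in map(parse, lines):
        buckets[(ts - ts % window, zone_of(qname))][ip] += 1
    hits = []
    for (start, zone), per_ip in sorted(buckets.items()):
        total, busiest = sum(per_ip.values()), max(per_ip.values())
        if (total >= zone_limit and len(per_ip) >= min_sources
                and busiest <= per_ip_limit):
            hits.append((start, zone, total, len(per_ip), busiest))
    return hits

def sample_log(base=1_700_000_040):
    """Constructed data: 120 sources in three ranges send 3 queries each for
    victim.example; one busy client and ten ordinary ones form the background."""
    lines = []
    for prefix in ("192.0.2", "198.51.100", "203.0.113"):
        for host in range(1, 41):
            for n in range(3):
                lines.append(f"{base + (host + n) % 60} {prefix}.{host} "
                             f"r{host}{n}.victim.example A")
    lines += [f"{base + n % 60} 10.0.0.5 mail.example.net MX" for n in range(100)]
    lines += [f"{base + n} 10.0.1.{n + 1} www.example.org A" for n in range(10)]
    return lines

if __name__ == "__main__":
    log = sample_log()
    print(noisy_clients(log), distributed_floods(log))
```

On the sample data the per-source check reports only the single busy client, while the per-name check reports the 360 queries for victim.example coming from 120 sources at 3 queries each.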
I run pfSense for my firewall. It has a DNS resolver, which goes right to the root DNS servers, bypassing Google, etc. If I were really concerned about privacy then I would use the DNS servers available from a proxy service provider. None of them showed up in the DNSBench server list so I would have some concerns about their reliability and speed, as well as the higher profile using their servers might create.
> I run pfSense for my firewall. It has a DNS resolver, which goes right to the root DNS servers, bypassing Google, etc.

pfSense is great. I took an old Nortel Contivity Firewall in 2012 one time and overwrote the firmware with pfSense... it was a fruitful and beneficial experience for the corporation, because it was able to work in a fanless appliance instead of having to load it up in a desktop or laptop. The server room was a tiny, poorly ventilated closet...
> Regarding your second paragraph where you prefaced with "If I were really concerned about privacy".

I said "really concerned" as opposed to just concerned. Maybe I should have said, "If I were really paranoid about privacy".