I think my opinion is based on idea that for connection between my pc/router and dns server certificates PKI is not needed. You can just hardcode/configure public key of dns server and that is it. Similar to wireguard or ssh server.
> The project especially lists the problems of TLS. TLS is one of the most understood, tested, and well-defined protocols that can be abstracted away in implementation level.
I agree that TLS is understood, tested, used every day etc. I do not agree that you sleep calm at night. For example a few years ago [1] or [2] mozilla removed root CA from firefox for bad behavior. And you can argue everything is working properly because bad behavior was detected and removed but the thing is - you can avoid this group of problems entirely by avoiding PKI in protocol. That is why I like dnscrypt protocol more. Less problems to worry about. You only change hardcoded/configured public key if you change which dns server you are using (not a big deal). You do not have to regularly update router to keep root ca store up-to-date. Do you update your router every month? Because I do not.
[1] https://www.feistyduck.com/newsletter/issue_53_certificate_a...
[2] https://www.itbrew.com/stories/2022/12/02/mozilla-microsoft-...
I see that point. But you can do the same with DoT? Instead of public key, you just pin the cert and bypass CA in that way. And you get the perfect forward secrecy and other benefits of TLS. But this might require the regular update of certs, and does not solve your maintenance problem.