@vcunat OK. When I was young and naive, I had a public DNS server running - until the hoster disconnected it from the internet. I thought about running a public DNS-over-TLS server again, without marketing though. If DNS-over-TLS had suffered from the same problems as plain DNS, I would have looked into adding client certificates.
The GnuTLS interface looks much saner than the OpenSSL one.
Running public recursive servers, well... People wanting to attack authoritative servers can start sending queries to all public resolvers - that unavoidably results in high load on the authoritatives. One might also do the same without public resolvers, e.g. via botnets or misusing advertisement platforms, but if most resolvers were public, it would be easier.