After installing os-unbound-plus I can set a list of nameservers (i.e. 9.9.9.9@853) to use for DoT. Once this is done, is unbound still a recursive DNS server?
No, it is simply a Forwarder if you are forwarding all your DNS queries to a DoT provider.
Thanks. Thus either DoT or recursive DNS...
DoT should protect against DNS poisoning and ISP spying and recursive DNS could be more about securing your privacy (querying DNS Servers in a "cascade" manner); am I right?
I tried something yesterday that seems to give good DNS privacy. I always have a VPN tunnel open to a public VPN connection, which is required for this. So, I configure DoT using os-unbound-plus (really nice plugin), then I configure unbound so that the outbound requests go over the VPN tunnel. The ISP can't see DNS queries because they go over VPN, the VPN provider can't see DNS queries because of DoT, and the DNS server only gets my public VPN address so really any DoT DNS provider can be used.
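
An added example, not code from the thread or from the os-unbound-plus plugin: a small audit of `unbound.conf` text that reports whether unbound is acting as a forwarder or a recursive resolver and checks the DoT settings discussed above. It assumes the VPN pinning is done with unbound's `outgoing-interface` option; the tunnel address and the sample config are constructed.

```python
import re

# Constructed sample config, not taken from the thread.
SAMPLE_CONF = """\
server:
    outgoing-interface: 10.8.0.2      # assumed VPN tunnel address
    tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853         # no auth name
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""

def parse(conf):
    """Split unbound.conf text into [(clause, {option: [values]})]."""
    clauses = []
    for raw in conf.splitlines():
        # '#' starts a comment only at the start of a token, not inside ip@port#name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not value:
            clauses.append((key, {}))          # clause header such as "server:"
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value.strip('"'))
    return clauses

def audit(conf):
    """Return (mode, findings) for the privacy-relevant settings."""
    clauses = parse(conf)
    server = {k: v for name, opts in clauses if name == "server" for k, v in opts.items()}
    root = [o for name, o in clauses if name == "forward-zone" and o.get("name") == ["."]]
    if not root:
        return "recursive", []                 # no root forward-zone: unbound resolves itself
    findings, uses_tls = [], False
    for zone in root:
        tls = zone.get("forward-tls-upstream") == ["yes"]
        uses_tls |= tls
        if not tls:
            findings.append("root zone forwarded without TLS")
        for addr in zone.get("forward-addr", []):
            if tls and "#" not in addr:
                findings.append(f"{addr}: no #auth-name, certificate name not checked")
    if uses_tls and not any(k in server for k in ("tls-cert-bundle", "tls-system-cert")):
        findings.append("no CA bundle configured for upstream verification")
    if "outgoing-interface" not in server:
        findings.append("no outgoing-interface: queries follow the default route")
    return "forwarder", findings
```

Calling `audit(SAMPLE_CONF)` reports forwarder mode and flags the `9.9.9.9@853` entry, because unbound only checks the upstream certificate name when the address carries a `#name` suffix.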