New Pi-hole KVM VPS Installation

Installed Pi-hole today first time:

Ubuntu 16 KVM VPS (GigE Uplink)
Cloudflare DNS Upstream

All default blacklists plus all these:

Using single static IP on the VPS (no DHCP). Enabled DNSSEC and left default " Listen only on interface eth0" setting checked.

Question: any security tips and speed improvement suggestions? VPS runs on SSD and located in NYC area. GigE uplink port speed.

Anyone have suggestions?