diff --git a/etc/NetworkManager/dnsmasq.d/mikaela.conf b/etc/NetworkManager/dnsmasq.d/mikaela.conf
index 94692558..a2d58c5c 100644
--- a/etc/NetworkManager/dnsmasq.d/mikaela.conf
+++ b/etc/NetworkManager/dnsmasq.d/mikaela.conf
@@ -9,6 +9,10 @@ listen-address=::1,127.0.0.1
 #                  dnsmasq-base on Ubuntu
 dnssec
 
-# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
-# enabled if they ever stop that behaviour (I hope).
-#dnssec-check-unsigned
+# Verify that DNSSEC is not stripped. This breaks OpenDNS, but at time
+# of writing I don't care about OpenDNS as them not supporting DNSSEC is
+# their issue, not my issue.
+# https://support.opendns.com/hc/en-us/community/posts/220015487-Implement-DNSSEC
+# https://support.opendns.com/hc/en-us/community/posts/220018307-DNSSEC-on-resolver-side
+# https://support.opendns.com/hc/en-us/community/posts/220022287-support-for-DNSSEC
+dnssec-check-unsigned