diff --git a/etc/systemd/resolved.conf.d/quad9.conf b/etc/systemd/resolved.conf.d/quad9.conf
index 66f296e4..83d17cea 100644
--- a/etc/systemd/resolved.conf.d/quad9.conf
+++ b/etc/systemd/resolved.conf.d/quad9.conf
@@ -5,7 +5,8 @@ DNSSEC=true
 DNSOverTLS=opportunistic
 Cache=true
 
-# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS.
+# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS
+# (systemd v237)
 
 # Sources:
 # https://wiki.archlinux.org/index.php/Systemd-resolved
@@ -13,3 +14,6 @@ Cache=true
 # * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
 # https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
 # * I wouldn't have found having to set `~.` without this.
+
+# DNSOverTLS became supported in v239, strict mode (yes) in v243 (big
+# improvements in v244).
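Review bot: `DNSOverTLS=opportunistic` (a context line of the first hunk) stays unchanged and unexplained, although the comment added at the end of the file now records that strict mode (`yes`) exists from v243. Opportunistic mode lets the resolver fall back to plaintext DNS when the TLS connection cannot be set up, so an on-path attacker who blocks port 853 gets unencrypted queries; this is presumably what the existing "vulnerable to MITM" bullet refers to. I would tie the version note to the setting with a comment directly above it, for example `# opportunistic: falls back to plaintext; use DNSOverTLS=yes on systemd >= 243`. On hosts that meet that version the value itself could be switched to `yes`. The rest of the file, including the `DNS=` line that would show whether a server name is configured for certificate checking, is outside the hunks.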