diff --git a/etc/systemd/resolved.conf.d/adguard-dot.conf b/etc/systemd/resolved.conf.d/adguard-dot.conf
index 6ebf6496..32f71ecc 100644
--- a/etc/systemd/resolved.conf.d/adguard-dot.conf
+++ b/etc/systemd/resolved.conf.d/adguard-dot.conf
@@ -6,7 +6,7 @@ DNS=2a10:50c0::ad1:ff#dns.adguard.com 94.140.14.14#dns.adguard.com 2a10:50c0::ad
 Domains=~.
 # non-tech friendliness in case system down for ages. Also DNSSEC ensures
 # the DNS server isn't lying which is a task of adblocking DNS server...
-DNSSEC=allow-downgrade
+DNSSEC=false
 # There is no point of disabling this with adblocking DNS
 DNSOverTLS=true
 Cache=true
diff --git a/etc/systemd/resolved.conf.d/dot-mullvad-adblock-strict.conf b/etc/systemd/resolved.conf.d/dot-mullvad-adblock-strict.conf
index b37ca0f5..1313ac60 100644
--- a/etc/systemd/resolved.conf.d/dot-mullvad-adblock-strict.conf
+++ b/etc/systemd/resolved.conf.d/dot-mullvad-adblock-strict.conf
@@ -1,6 +1,8 @@
 [Resolve]
 DNS=2a07:e340::3#adblock.doh.mullvad.net 194.242.2.3#adblock.doh.mullvad.net 193.19.108.3#adblock.doh.mullvad.net
 Domains=~.
-DNSSEC=true
+# non-tech friendliness in case system down for ages. Also DNSSEC ensures
+# the DNS server isn't lying which is a task of adblocking DNS server...
+DNSSEC=false
 DNSOverTLS=true
 Cache=true