diff --git a/etc/unbound/unbound.conf.d/plain-dns64.conf b/etc/unbound/unbound.conf.d/plain-dns64.conf
index 86f83b3f..daeae6e1 100644
--- a/etc/unbound/unbound.conf.d/plain-dns64.conf
+++ b/etc/unbound/unbound.conf.d/plain-dns64.conf
@@ -1,19 +1,11 @@
-# Legacy file, use dns-over-tls.conf instead!
+# WARNING! This is unencrypted DNS, you don't want this.
+# Check dns64-over-tls.conf instead!
+
 forward-zone:
     name: "."
     # Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
-    #forward-addr: 2001:67c:2b0::4
-    #forward-addr: 2001:67c:2b0::6
-    # Google
-    forward-addr: 2001:4860:4860::8888
-    forward-addr: 2001:4860:4860::8844
-    forward-addr: 8.8.8.8
-    forward-addr: 8.8.4.4
-    # censurfridns.dk
-    forward-addr: 2001:67c:28a4::
-    forward-addr: 91.239.100.100
-    # DNS.WATCH
-    forward-addr: 2001:1608:10:25::1c04:b12f
-    forward-addr: 2001:1608:10:25::9249:d69b
-    forward-addr: 84.200.69.80
-    forward-addr: 84.200.70.40
+    forward-addr: 2001:67c:2b0::4
+    forward-addr: 2001:67c:2b0::6
+# Google is missing, I imagine they would have the same range, but as this
+# is plaintext and I only have DS (& DS lite) hosts, this file is not a
+# priority for me.