diff --git a/etc/systemd/resolved.conf.d/90-working-dns.conf b/etc/systemd/resolved.conf.d/90-working-dns.conf
index 0d654991..c865e932 100644
--- a/etc/systemd/resolved.conf.d/90-working-dns.conf
+++ b/etc/systemd/resolved.conf.d/90-working-dns.conf
@@ -1,8 +1,9 @@
+# SECURITY WARNING! This provides a false sense of security.
 [Resolve]
 DNS=
 DNS=::1 127.0.0.1
-DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
-#DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net 149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
+#DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
+DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net 149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
 DNS=2a13:1001::86:54:11:201#protective.joindns4.eu 2a13:1001::86:54:11:1#protective.joindns4.eu 86.54.11.201#protective.joindns4.eu 86.54.11.1#protective.joindns4.eu
 #DNS=2606:4700:4700::1112#security.cloudflare-dns.com 2606:4700:4700::1002#security.cloudflare-dns.com 1.1.1.2#security.cloudflare-dns.com 1.0.0.2#security.cloudflare-dns.com
 FallbackDNS=
diff --git a/etc/unbound/unbound.conf.d/dns-over-tls.conf b/etc/unbound/unbound.conf.d/dns-over-tls.conf
index 5a472517..52eb00a5 100644
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@@ -45,24 +45,24 @@ forward-zone:
 	#forward-addr: 2606:1a40:1::@853#s0.freedns.controld.com
 
 	# Quad9 unfiltered, anycast, no ECS, no DNSSEC (Unbound does that)
-	forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
-	forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
-	forward-addr: 149.112.112.10@853#dns10.quad9.net
-	forward-addr: 149.112.112.10@8853#dns10.quad9.net
-	forward-addr: 2620:fe::10@853#dns10.quad9.net
-	forward-addr: 2620:fe::10@8853#dns10.quad9.net
-	forward-addr: 9.9.9.10@853#dns10.quad9.net
-	forward-addr: 9.9.9.10@8853#dns10.quad9.net
+	#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+	#forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
+	#forward-addr: 149.112.112.10@853#dns10.quad9.net
+	#forward-addr: 149.112.112.10@8853#dns10.quad9.net
+	#forward-addr: 2620:fe::10@853#dns10.quad9.net
+	#forward-addr: 2620:fe::10@8853#dns10.quad9.net
+	#forward-addr: 9.9.9.10@853#dns10.quad9.net
+	#forward-addr: 9.9.9.10@8853#dns10.quad9.net
 
 	# Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
-	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
-	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
-	#forward-addr: 9.9.9.12@853#dns12.quad9.net
-	#forward-addr: 9.9.9.12@8853#dns12.quad9.net
-	#forward-addr: 2620:fe::12@853#dns12.quad9.net
-	#forward-addr: 2620:fe::12@8853#dns12.quad9.net
-	#forward-addr: 149.112.112.12@853#dns12.quad9.net
-	#forward-addr: 149.112.112.12@8853#dns12.quad9.net
+	forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
+	forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
+	forward-addr: 9.9.9.12@853#dns12.quad9.net
+	forward-addr: 9.9.9.12@8853#dns12.quad9.net
+	forward-addr: 2620:fe::12@853#dns12.quad9.net
+	forward-addr: 2620:fe::12@8853#dns12.quad9.net
+	forward-addr: 149.112.112.12@853#dns12.quad9.net
+	forward-addr: 149.112.112.12@8853#dns12.quad9.net
 
 	# Adguard DNS Unfiltered Anycast. Malta based. Private ECS.
 	forward-addr: 2a10:50c0::1:ff@853#unfiltered.adguard-dns.com
diff --git a/etc/unbound/unbound.conf.d/dot-cloudflare-dns4eu-quad9.conf b/etc/unbound/unbound.conf.d/dot-cloudflare-dns4eu-quad9.conf
index d24515aa..a4a15a25 100644
--- a/etc/unbound/unbound.conf.d/dot-cloudflare-dns4eu-quad9.conf
+++ b/etc/unbound/unbound.conf.d/dot-cloudflare-dns4eu-quad9.conf
@@ -27,24 +27,24 @@ forward-zone:
 	forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
 
 	# Quad9 malicious domain blocking without ECS
-	forward-addr: 2620:fe::fe@8853#dns.quad9.net
-	forward-addr: 2620:fe::9@8853#dns.quad9.net
-	forward-addr: 9.9.9.9@8853#dns.quad9.net
-	forward-addr: 149.112.112.112@8853#dns.quad9.net
-	forward-addr: 2620:fe::fe@853#dns.quad9.net
-	forward-addr: 2620:fe::9@853#dns.quad9.net
-	forward-addr: 9.9.9.9@853#dns.quad9.net
-	forward-addr: 149.112.112.112@853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@8853#dns.quad9.net
+	#forward-addr: 2620:fe::9@8853#dns.quad9.net
+	#forward-addr: 9.9.9.9@8853#dns.quad9.net
+	#forward-addr: 149.112.112.112@8853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@853#dns.quad9.net
+	#forward-addr: 2620:fe::9@853#dns.quad9.net
+	#forward-addr: 9.9.9.9@853#dns.quad9.net
+	#forward-addr: 149.112.112.112@853#dns.quad9.net
 
 	# Quad9 malicious domain blocking with ECS
-	#forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@8853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@8853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@8853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@8853#dns11.quad9.net
 
 	# DNS4EU malicious domain blocking
 	forward-addr: 2a13:1001::86:54:11:201@853#protective.joindns4.eu
diff --git a/etc/unbound/unbound.conf.d/dot-dns4eu-quad9.conf b/etc/unbound/unbound.conf.d/dot-dns4eu-quad9.conf
index 7c8c7bc8..2fac30b3 100644
--- a/etc/unbound/unbound.conf.d/dot-dns4eu-quad9.conf
+++ b/etc/unbound/unbound.conf.d/dot-dns4eu-quad9.conf
@@ -15,23 +15,23 @@ forward-zone:
 	name: "."
 	forward-tls-upstream: yes
 	## Quad9 Secure
-	forward-addr: 2620:fe::fe@8853#dns.quad9.net
-	forward-addr: 2620:fe::9@8853#dns.quad9.net
-	forward-addr: 9.9.9.9@8853#dns.quad9.net
-	forward-addr: 149.112.112.112@8853#dns.quad9.net
-	forward-addr: 2620:fe::fe@853#dns.quad9.net
-	forward-addr: 2620:fe::9@853#dns.quad9.net
-	forward-addr: 9.9.9.9@853#dns.quad9.net
-	forward-addr: 149.112.112.112@853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@8853#dns.quad9.net
+	#forward-addr: 2620:fe::9@8853#dns.quad9.net
+	#forward-addr: 9.9.9.9@8853#dns.quad9.net
+	#forward-addr: 149.112.112.112@8853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@853#dns.quad9.net
+	#forward-addr: 2620:fe::9@853#dns.quad9.net
+	#forward-addr: 9.9.9.9@853#dns.quad9.net
+	#forward-addr: 149.112.112.112@853#dns.quad9.net
 	# Quad9 Secure + ECS
-	#forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@8853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@8853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@8853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@8853#dns11.quad9.net
 	# DNS4EU Protective
 	forward-addr: 2a13:1001::86:54:11:201@853#protective.joindns4.eu
 	forward-addr: 2a13:1001::86:54:11:1@853#protective.joindns4.eu