systemd-resolved & unbound: let's not pretend I am not using Quad9 ECS

etc/systemd/resolved.conf.d/10-dot-quad9.conf

@@ -3,14 +3,14 @@
 # encryption, but host a Quad9 node and giving these addresses instead.
 [Resolve]
 # Secure
-DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
+#DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
-DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
+#DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
 # No Threat Blocking
 #DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net [2620:fe::10]:8853#dns10.quad9.net [2620:fe::fe:10]:8853#dns10.quad9.net
 #DNS=149.112.112.10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10:8853#dns10.quad9.net 9.9.9.10:8853#dns10.quad9.net
-# Secure + ECS
+# Secure + ECS. IPv4 first so it gets preferred as my Unbound likely prefers IPv6 anyway.
-#DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
+DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
-#DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
+DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
 # No Threat Blocking + ECS
 #DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
 #DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net

etc/unbound/unbound.conf.d/dot-quad9.conf

@@ -17,14 +17,14 @@ forward-zone:
 	name: "."
 	forward-tls-upstream: yes
 	## Secure
-	forward-addr: 2620:fe::fe@853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@853#dns.quad9.net
-	forward-addr: 2620:fe::fe@8853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@8853#dns.quad9.net
-	forward-addr: 2620:fe::9@853#dns.quad9.net
+	#forward-addr: 2620:fe::9@853#dns.quad9.net
-	forward-addr: 2620:fe::9@8853#dns.quad9.net
+	#forward-addr: 2620:fe::9@8853#dns.quad9.net
-	forward-addr: 9.9.9.9@853#dns.quad9.net
+	#forward-addr: 9.9.9.9@853#dns.quad9.net
-	forward-addr: 9.9.9.9@8853#dns.quad9.net
+	#forward-addr: 9.9.9.9@8853#dns.quad9.net
-	forward-addr: 149.112.112.112@853#dns.quad9.net
+	#forward-addr: 149.112.112.112@853#dns.quad9.net
-	forward-addr: 149.112.112.112@8853#dns.quad9.net
+	#forward-addr: 149.112.112.112@8853#dns.quad9.net
 	## No Threat Blocking
 	#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
 	#forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
@@ -35,14 +35,14 @@ forward-zone:
 	#forward-addr: 9.9.9.10@853#dns10.quad9.net
 	#forward-addr: 9.9.9.10@8853#dns10.quad9.net
 	## Secure + ECS
-	#forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@8853#dns11.quad9.net
+	forward-addr: 9.9.9.11@8853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::11@8853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@8853#dns11.quad9.net
+	forward-addr: 149.112.112.11@8853#dns11.quad9.net
 	## No Threat Blocking + ECS
 	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
 	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net