diff --git a/etc/NetworkManager/dnsmasq.d/mikaela.conf b/etc/NetworkManager/dnsmasq.d/mikaela.conf
new file mode 100644
index 00000000..94692558
--- /dev/null
+++ b/etc/NetworkManager/dnsmasq.d/mikaela.conf
@@ -0,0 +1,14 @@
+# Default 150, 10 000 probably won't hurt with RAM of modern devices
+cache-size=10000
+
+# Also listen on IPv6 localhost
+listen-address=::1,127.0.0.1
+
+# Attempt to verify DNSSEC
+# ln -s /usr/share/dnsmasq/trust-anchors.conf trust-anchors.conf
+#                  dnsmasq-base on Ubuntu
+dnssec
+
+# Verify that DNSSEC is not stripped, disabled thanks to OpenDNS, to be
+# enabled if they ever stop that behaviour (I hope).
+#dnssec-check-unsigned
diff --git a/etc/NetworkManager/dnsmasq.d/trust-anchors.conf b/etc/NetworkManager/dnsmasq.d/trust-anchors.conf
new file mode 120000
index 00000000..f7530329
--- /dev/null
+++ b/etc/NetworkManager/dnsmasq.d/trust-anchors.conf
@@ -0,0 +1 @@
+/usr/share/dnsmasq/trust-anchors.conf
\ No newline at end of file