diff --git a/etc/unbound/unbound.conf.d/dns-over-tls.conf b/etc/unbound/unbound.conf.d/dns-over-tls.conf
index 36e198ce..cc1f0a6e 100644
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@@ -17,9 +17,30 @@ forward-zone:
 	name: "."
 	forward-tls-upstream: yes
 
-	# https://appliedprivacy.net/services/dns/ - Vienna, Austria
+	# https://appliedprivacy.net/services/dns/ - Vienna, Austria, no ECS
 	forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
 	forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
+	forward-addr: 2a02:1b8:10:234::2@853#dot1.applied-privacy.net
+	forward-addr: 146.255.56.98@853#dot1.applied-privacy.net
+
+	# Quad9 unfiltered, anycast, no ECS, no DNSSEC (Unbound does that)
+	forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+	forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
+	forward-addr: 149.112.112.10@853#dns10.quad9.net
+	forward-addr: 149.112.112.10@8853#dns10.quad9.net
+	forward-addr: 2620:fe::10@853#dns10.quad9.net
+	forward-addr: 2620:fe::10@8853#dns10.quad9.net
+	forward-addr: 9.9.9.10@853#dns10.quad9.net
+	forward-addr: 9.9.9.10@8853#dns10.quad9.net
+	# Quad9 unfiltered, anycast, ECS, no DNSSEC (Unbound does that)
+	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net
+	#forward-addr: 9.9.9.12@853#dns12.quad9.net
+	#forward-addr: 9.9.9.12@8853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@853#dns12.quad9.net
+	#forward-addr: 2620:fe::12@8853#dns12.quad9.net
+	#forward-addr: 149.112.112.12@853#dns12.quad9.net
+	#forward-addr: 149.112.112.12@8853#dns12.quad9.net
 
 	# https://www.dns0.eu/open https://www.dns0.eu/network - French based. Private ECS
 	forward-addr: 193.110.81.254@853#open.dns0.eu