resolved.conf.d/README.md: mention 00-defaults and dot-something being supposed to be used together

etc/systemd/resolved.conf.d/00-defaults.conf

@@ -7,3 +7,6 @@
 DNSSEC=yes
 DNSOverTLS=opportunistic
 Cache=yes
+DNS=127.0.0.1
+DNS=::1
+Domains=~.

etc/systemd/resolved.conf.d/README.md

@@ -11,11 +11,12 @@ sudo systemctl restart systemd-resolved
 
 ## Files explained
 
-- `00-defaults.conf` - configuration not touching resolvers. Enables DNSSEC
+- `00-defaults.conf` - configuration that should be used everywhere.
-  (regardless of systemd-resolved not handling it properly), enables
+  Enables DNSSEC (regardless of systemd-resolved not handling it properly),
-  opportunistic DoT and caching.
+  enables opportunistic DoT, caching and local DNS servers.
 - `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
-  captive portals are a concern, `DNSOverTLS=no`.
+  captive portals are a concern, `DNSOverTLS=no`. At least one of these
+  should be used in addition to `00-defaults.conf`
 - `README.md` - you are reading it right now.
 
 ## General commentary

etc/systemd/resolved.conf.d/dot-adguard.conf

@@ -2,8 +2,4 @@
 DNS=2a10:50c0::ad1:ff#dns.adguard.com 94.140.14.14#dns.adguard.com 2a10:50c0::ad2:ff#dns.adguard.com 94.140.15.15#dns.adguard.com
 # Uncomment for port 443 resolver
 #DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-Domains=~.
+#DNSOverTLS=yes
-DNSOverTLS=yes
-Cache=yes
-
-# Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html

etc/systemd/resolved.conf.d/dot-cloudflare.conf

@@ -2,6 +2,4 @@
 DNS=2606:4700:4700::1111#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 1.1.1.1#cloudflare-dns.com
 # Uncomment for port 443 resolver
 #DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-Domains=~.
+#DNSOverTLS=yes
-DNSOverTLS=yes
-Cache=yes

etc/systemd/resolved.conf.d/dot-dns0.conf

@@ -5,6 +5,4 @@ DNS=2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 193.110.81.0#dns0.eu 185.253.5.0#dns
 #DNS=2a0f:fc80::9#zero.dns0.eu 2a0f:fc81::9#zero.dns0.eu 193.110.81.9#zero.dns0.eu 185.253.5.9#zero.dns0.eu
 # Uncomment for port 443 resolver
 #DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-Domains=~.
+#DNSOverTLS=yes
-DNSOverTLS=yes
-Cache=yes

etc/systemd/resolved.conf.d/dot-mullvad.conf

@@ -6,6 +6,4 @@ DNS=2a07:e340::2#dns.mullvad.net 194.242.2.2#dns.mullvad.net
 #DNS=2a07:e340::9#all.dns.mullvad.net 194.242.2.9#all.dns.mullvad.net
 # Uncomment for port 443 resolver
 #DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-Domains=~.
+#DNSOverTLS=yes
-DNSOverTLS=yes
-Cache=yes

etc/systemd/resolved.conf.d/dot-quad9.conf

@@ -4,6 +4,4 @@
 DNS=2620:fe::11#dns11.quad9.net 149.112.112.11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net 9.9.9.11#dns11.quad9.net
 # Uncomment for port 443 resolver
 #DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-Domains=~.
+#DNSOverTLS=yes
-DNSOverTLS=yes
-Cache=yes

etc/systemd/resolved.conf.d/nordvpn.conf

@@ -1,10 +1,3 @@
 [Resolve]
-DNSSEC=yes
-DNSOverTLS=no
-Cache=yes
 DNS=2400:bb40:4444::103 2400:bb40:8888::103 ::1
 DNS=103.86.96.100 103.86.99.100 127.0.0.1
-# DNS0.eu/open since I am unsure of the above working without NordVPN with the
-# exception of Unbound
-DNS=2a0f:fc80::ffff 2a0f:fc81::ffff 193.110.81.254 185.253.5.254
-Domains=~.

etc/systemd/resolved.conf.d/unbound.conf

@@ -1,12 +0,0 @@
-# For binding systemd-resolved to Unbound
-[Resolve]
-DNS=127.0.0.1
-DNS=::1
-Domains=~.
-# Done better by Unbound, no failed-auxiliary (https://github.com/systemd/systemd/issues/9867)
-#DNSSEC=allow-downgrade
-DNSSEC=yes
-# Not needed on localhost
-DNSOverTLS=no
-# Done by Unbound
-Cache=no