[Resolve]
DNS=2620:fe::9 149.112.112.112 2620:fe::fe 9.9.9.9
Domains=~.
DNSSEC=true
DNSOverTLS=opportunistic
Cache=true

# Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS
# (systemd v237)

# Sources:
# https://wiki.archlinux.org/index.php/Systemd-resolved
# * request for strict DOT: https://github.com/systemd/systemd/issues/10755
# * vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
# https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
# * I wouldn't have found having to set `~.` without this.

# DNSOverTLS became supported in v239, strict mode (yes) in v243 (big
# improvements in v244).