[Resolve]
# Use this together with other files other than 00-only-unbound.conf!
# https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
#DNSSEC=allow-downgrade
# Regardless of the above DNS breaking issues when DNSSEC is
# enabled/opportunistic, it provides authentication which is important. TLS
# cannot be fully trusted. https://notes.valdikss.org.ru/jabber.ru-mitm/
DNSSEC=true
DNSOverTLS=opportunistic
Cache=true
DNS=127.0.0.1
DNS=::1
Domains=~.
# .local domains
MulticastDNS=true
# Microsoft Windows compatibility?
LLMNR=true