diff --git a/hosts/freun-dev/configuration.nix b/hosts/freun-dev/configuration.nix
index 13d50d7..fc7a11b 100644
--- a/hosts/freun-dev/configuration.nix
+++ b/hosts/freun-dev/configuration.nix
@@ -106,6 +106,12 @@ in
     };
   };
 
+  services.resolved = {
+    enable = true;
+    dnsovertls = "opportunistic";
+    dnssec = "allow-downgrade";
+  };
+
   services.networkd-dispatcher = {
     enable = true;
     rules."50-tailscale" = {
diff --git a/modules/services/adguardhome.nix b/modules/services/adguardhome.nix
index c347473..55891c9 100644
--- a/modules/services/adguardhome.nix
+++ b/modules/services/adguardhome.nix
@@ -46,7 +46,18 @@ in
           certificate_chain_path = "/run/credentials/adguardhome.service/fullchain.pem";
           private_key_path = "/run/credentials/adguardhome.service/key.pem";
         };
-        dns.bind_hosts = tailscaleIps;
+        dns = {
+          bind_hosts = tailscaleIps;
+          upstream_dns = [
+            "https://dns10.quad9.net/dns-query"
+            "https://cloudflare-dns.com/dns-query"
+            "https://dns.google/dns-query"
+          ];
+          fallback_dns = [
+            "https://cloudflare-dns.com/dns-query"
+            "https://dns.google/dns-query"
+          ];
+        };
       };
     };