diff --git a/hosts/orion/modules/networking.nix b/hosts/orion/modules/networking.nix
index 2ab00ba..b7ab170 100644
--- a/hosts/orion/modules/networking.nix
+++ b/hosts/orion/modules/networking.nix
@@ -19,7 +19,12 @@ let
     "194.242.2.2#dns.mullvad.net"
     "2a07:e340::2:853#dns.mullvad.net"
   ];
-  resolved_fallback_nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+  resolved_fallback_nameservers = [
+    "1.1.1.1#cloudflare-dns.com"
+    "1.0.0.1#cloudflare-dns.com"
+    "2606:4700:4700::1111#cloudflare-dns.com"
+    "2606:4700:4700::1001#cloudflare-dns.com"
+  ];
 in
 {
   systemd.network = {
@@ -67,15 +72,16 @@ in
 
   services.resolved = {
     enable = true;
-    dnssec = "true";
-    domains = [ "~." ];
+    dnssec = "allow-downgrade";
+    domains = resolved_nameservers;
     fallbackDns = resolved_fallback_nameservers;
-    llmnr = "true";
+    llmnr = "resolve";
     extraConfig = ''
       MulticastDNS=yes
       DNSOverTLS=yes
       CacheFromLocalhost=no
       Cache=yes
+      Domains=~.
     '';
   };
   networking = {