@cybergibbons @ninkosan @hackdefense_com I did get a bit carried away and try variations, hence the length. The actual setup is quite short. There's a DoT setup guide linked there too, but if you enable ECS in unbound it'll send 127.0.0.0/8 so you get to see which upstreams have read rfc 7871 properly :D