diff --git a/applications/dns.nix b/applications/dns.nix
index 5265b55..2bca4fb 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -390,26 +390,38 @@ in {
 
       # set the upstream dns servers
       # overrides the default dns servers
-      # (pio - recommending HEANet and (Quad9 Filtered or quad9 Unfiltered) instead of Cloudflare and Google.)
-      # Google could stop DNS service at any time, and Cloudflare use your data..
       forwarders = [
-        # HEANet - ns.heanet.ie / auth-ns2.heanet.ie / auth-ns3.heanet.ie
-        # 
+        ; Name:     HEANet
+        ; DNSSEC:   not known
+        ; Details:  ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway.
+        ; Server: ns.heanet.ie        HEANet primary
         "193.1.193.194"
-      #  "193.1.247.198"
-      #  "5.196.22.225"
-        # Quad9 - malware/phish filtered, has DNSSEC validation. Pri / sec, then their IPV6 servers
-        # https://dns.quad9.net/dns-query
-      #  "9.9.9.9"
-      #  "149.112.112.112"
-      #  # "2620:fe::11
-      #  # "2620:fe::fe:11"
-        # Quad9 unfiltered, no DNSSEC validation. Pri / sec, then their IPV6 servers
-        # https://dns10.quad9.net/dns-query
+        ; Server: auth-ns2.heanet.ie  HEANet secondary (Located Germany)
+        "193.1.247.198" 
+        ; Server: auth-ns3.heanet.ie  HEANet tertiary (Ireland located)
+        # "5.196.22.225"
+        ; Name:     Quad9.net (free service - this one is malware/phish blocked). Suggesting using unfiltered as below.
+        ; DNSSEC:   available
+        ; Details:  Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query
+        ; Server: dns9.quad9.net     Primary
+        # "9.9.9.9"
+        ; Server: dns.quad9.net      Secondary
+        # "149.112.112.112"  
+        ; Server: dns9.quad9.net     IPV6 Primary server 
+        # "2620:fe::9"
+        ; Server: dns.quad9.net      IPV6 Secondary server
+        # "2620:fe::fe"
+        ; Name:     Quad9.net (free service - this one is unfiltered).
+        ; DNSSEC:   not available
+        ; Details:  Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns10.quad9.net/dns-query
+        ; Server: dns10.quad9.net     Primary
         "9.9.9.10"
+        ; Server: dns10.quad9.net     Secondary
         "149.112.112.10"
-      #  # "2620:fe::10"
-      #  # "2620:fe::fe:10"
+        ; Server: dns10.quad9.net     IPV6 Primary server 
+        # "2620:fe::10"
+        ; Server: dns10.quad9.net     IPV6 Secondary server
+        # "2620:fe::fe:10"
       ];
 
       cacheNetworks =