diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index d7a4d4c..1b13a91 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -207,7 +207,6 @@ in
       wg-upstream = {
         name = "wg-upstream";
         address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ];
-        dns = [ "10.64.0.1" ];
         routingPolicyRules = [
           {
             routingPolicyRuleConfig = {
@@ -313,9 +312,8 @@ in
       # but from lan instead.
       # So it has to use static configuration.
       host-record = "switchviech,switchviech.${domain},10.80.1.19";
-      server = config.systemd.network.networks.wg-upstream.dns ++ [
-        #"9.9.9.9" # dns.quad9.net
-        #"2620:fe::fe"
+      server = [
+        "127.0.0.1#5053"
       ];
     };
   };
@@ -387,4 +385,13 @@ in
       UMask = "0077";
     };
   };
+
+  services.https-dns-proxy = {
+    enable = true;
+    provider = {
+      kind = "custom";
+      ips = [ "9.9.9.9" "149.112.112.112" ];
+      url = "https://dns.quad9.net/dns-query";
+    };
+  };
 }