make all our systems use security aware resolvers
Probably by installing unbound, configuring it properly, and then change /etc/resolv.conf to only ask localhost.
Probably by installing unbound, configuring it properly, and then change /etc/resolv.conf to only ask localhost.