Correct way to configure quad9 dns in EDNS/ECS

[StrikerXXX]

Hey guys! I'm trying to setup quad9 dns on my ac68u, I want to use dot but I'm not sure if I'm doing it right.

I configured it like this in the wan part:

Is this correct? My doubt is because of the information shown in dnscheck.tools, at the bottom of the screen, where you have the EDNS, DNSSEC and ECS options.

Using dns 9.9.9.9, it shows the EDNS and DNSSEC information in green, informing that the configuration is correct.

But when I use dns 9.9.9.11, it shows the 3 options, only EDNS and ECS are in yellow. Edns has the following information:

"Advertised UDP buffer sizes: 512, 591, 603, 1232."

In ecs it has the following information:

"Your DNS resolvers are advertised your subnets as:
0::/0
0.0.0.0/0

Running the command dig '@RT-AC68U' +dnssec o-o.myaddr.google.com TXT I have the following information:

; <<>> DiG 9.16.40 <<>> '@RT-AC68U' +dnssec o-o.myaddr.google.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29282
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;'\@RT-AC68U'.                  IN      A

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu May 04 15:41:05 Hora oficial do Brasil 2023
;; MSG SIZE  rcvd: 40

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57196
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ed5a3f27b7d3b2ff010000006453fc429dd3c6e0dafd4711 (good)
;; QUESTION SECTION:
;o-o.myaddr.google.com.         IN      TXT

;; ANSWER SECTION:
o-o.myaddr.google.com.  60      IN      TXT     "edns0-client-subnet 200.25.52.216/0"
o-o.myaddr.google.com.  60      IN      TXT     "200.25.52.216"

;; Query time: 341 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu May 04 15:41:05 Hora oficial do Brasil 2023
;; MSG SIZE  rcvd: 152

Do you think it's set up the right way? Because using dns 9.9.9.9 edns works correctly, turning green in dnscheck.tools and 9.9.9.11 turns yellow, and ecs too.

Do I need to do any special configuration to fix this? Sorry for the many questions, but I'm new to merlin, I know how to configure little things, but I wanted to configure this part of privacy in the best possible way.

I managed to modify the ecs information in dnscheck.tools, instead of showing 0.0.0.0/0, now it shows normal ip's, after I added the stubby.postconf file in /jffs/scripts, with the following information:

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh
pc_replace "edns_client_subnet_private: 1" "edns_client_subnet_private: 0" $CONFIG

What do I need to do to further refine my configuration? Of all the dns servers, the one that I thought was more stable on my network was the quad9 one, before I used nextdns, but it has become very unstable in recent weeks, so I decided to change it for quad9.