diff --git a/Dockerfile b/Dockerfile
index 435f0249..d89441b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -167,7 +167,6 @@ ENV VPN_SERVICE_PROVIDER=pia \
     HEALTH_ICMP_TARGET_IP=1.1.1.1 \
     HEALTH_RESTART_VPN=on \
     # DNS
-    DNS_SERVER=on \
     DNS_UPSTREAM_RESOLVER_TYPE=DoT \
     DNS_UPSTREAM_RESOLVERS=cloudflare \
     DNS_BLOCK_IPS= \
diff --git a/internal/configuration/settings/deprecated.go b/internal/configuration/settings/deprecated.go
index 1e745eb0..f80d5969 100644
--- a/internal/configuration/settings/deprecated.go
+++ b/internal/configuration/settings/deprecated.go
@@ -14,6 +14,8 @@ func readObsolete(r *reader.Reader) (warnings []string) {
 		"DOT_VALIDATION_LOGLEVEL":      "DOT_VALIDATION_LOGLEVEL is obsolete because DNSSEC validation is not implemented.",
 		"HEALTH_VPN_DURATION_INITIAL":  "HEALTH_VPN_DURATION_INITIAL is obsolete",
 		"HEALTH_VPN_DURATION_ADDITION": "HEALTH_VPN_DURATION_ADDITION is obsolete",
+		"DNS_SERVER":                   "DNS_SERVER is obsolete because the forwarding server is always enabled.",
+		"DOT":                          "DOT is obsolete because the forwarding server is always enabled.",
 	}
 	sortedKeys := maps.Keys(keyToMessage)
 	slices.Sort(sortedKeys)
diff --git a/internal/configuration/settings/dns.go b/internal/configuration/settings/dns.go
index 4bf62b06..dcaaf42e 100644
--- a/internal/configuration/settings/dns.go
+++ b/internal/configuration/settings/dns.go
@@ -15,10 +15,6 @@ import (
 
 // DNS contains settings to configure DNS.
 type DNS struct {
-	// ServerEnabled is true if the server should be running
-	// and used. It defaults to true, and cannot be nil
-	// in the internal state.
-	ServerEnabled *bool
 	// UpstreamType can be dot or plain, and defaults to dot.
 	UpstreamType string `json:"upstream_type"`
 	// UpdatePeriod is the period to update DNS block lists.
@@ -89,7 +85,6 @@ func (d DNS) validate() (err error) {
 
 func (d *DNS) Copy() (copied DNS) {
 	return DNS{
-		ServerEnabled:  gosettings.CopyPointer(d.ServerEnabled),
 		UpstreamType:   d.UpstreamType,
 		UpdatePeriod:   gosettings.CopyPointer(d.UpdatePeriod),
 		Providers:      gosettings.CopySlice(d.Providers),
@@ -105,7 +100,6 @@ func (d *DNS) Copy() (copied DNS) {
 // settings object with any field set in the other
 // settings.
 func (d *DNS) overrideWith(other DNS) {
-	d.ServerEnabled = gosettings.OverrideWithPointer(d.ServerEnabled, other.ServerEnabled)
 	d.UpstreamType = gosettings.OverrideWithComparable(d.UpstreamType, other.UpstreamType)
 	d.UpdatePeriod = gosettings.OverrideWithPointer(d.UpdatePeriod, other.UpdatePeriod)
 	d.Providers = gosettings.OverrideWithSlice(d.Providers, other.Providers)
@@ -117,7 +111,6 @@ func (d *DNS) overrideWith(other DNS) {
 }
 
 func (d *DNS) setDefaults() {
-	d.ServerEnabled = gosettings.DefaultPointer(d.ServerEnabled, true)
 	d.UpstreamType = gosettings.DefaultComparable(d.UpstreamType, "dot")
 	const defaultUpdatePeriod = 24 * time.Hour
 	d.UpdatePeriod = gosettings.DefaultPointer(d.UpdatePeriod, defaultUpdatePeriod)
@@ -161,11 +154,6 @@ func (d DNS) toLinesNode() (node *gotree.Node) {
 	}
 	node.Appendf("DNS server address to use: %s", d.ServerAddress)
 
-	node.Appendf("DNS forwarder server enabled: %s", gosettings.BoolToYesNo(d.ServerEnabled))
-	if !*d.ServerEnabled {
-		return node
-	}
-
 	node.Appendf("Upstream resolver type: %s", d.UpstreamType)
 
 	upstreamResolvers := node.Append("Upstream resolvers:")
@@ -188,11 +176,6 @@ func (d DNS) toLinesNode() (node *gotree.Node) {
 }
 
 func (d *DNS) read(r *reader.Reader) (err error) {
-	d.ServerEnabled, err = r.BoolPtr("DNS_SERVER", reader.RetroKeys("DOT"))
-	if err != nil {
-		return err
-	}
-
 	d.UpstreamType = r.String("DNS_UPSTREAM_RESOLVER_TYPE")
 
 	d.UpdatePeriod, err = r.DurationPtr("DNS_UPDATE_PERIOD")
diff --git a/internal/configuration/settings/settings.go b/internal/configuration/settings/settings.go
index 091c4a4d..842cc0f4 100644
--- a/internal/configuration/settings/settings.go
+++ b/internal/configuration/settings/settings.go
@@ -177,7 +177,7 @@ func (s Settings) Warnings() (warnings []string) {
 	// TODO remove in v4
 	if s.DNS.ServerAddress.Unmap().Compare(netip.AddrFrom4([4]byte{127, 0, 0, 1})) != 0 {
 		warnings = append(warnings, "DNS address is set to "+s.DNS.ServerAddress.String()+
-			" so the local forwarding DNS server will not be used."+
+			" so the local forwarding DNS server will not be used."+ // xxx
 			" The default value changed to 127.0.0.1 so it uses the internal DNS server."+
 			" If this server fails to start, the IPv4 address of the first plaintext DNS server"+
 			" corresponding to the first DNS provider chosen is used.")
diff --git a/internal/configuration/settings/settings_test.go b/internal/configuration/settings/settings_test.go
index 907655c5..aac8d1f8 100644
--- a/internal/configuration/settings/settings_test.go
+++ b/internal/configuration/settings/settings_test.go
@@ -40,7 +40,6 @@ func Test_Settings_String(t *testing.T) {
 ├── DNS settings:
 |   ├── Keep existing nameserver(s): no
 |   ├── DNS server address to use: 127.0.0.1
-|   ├── DNS forwarder server enabled: yes
 |   ├── Upstream resolver type: dot
 |   ├── Upstream resolvers:
 |   |   └── Cloudflare
diff --git a/internal/dns/run.go b/internal/dns/run.go
index 2c67f9f4..7aba1feb 100644
--- a/internal/dns/run.go
+++ b/internal/dns/run.go
@@ -39,7 +39,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 		var runError <-chan error
 
 		settings := l.GetSettings()
-		for !*settings.KeepNameserver && *settings.ServerEnabled {
+		for !*settings.KeepNameserver {
 			var err error
 			runError, err = l.setupServer(ctx)
 			if err == nil {
@@ -64,7 +64,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 		}
 
 		settings = l.GetSettings()
-		if !*settings.KeepNameserver && !*settings.ServerEnabled {
+		if !*settings.KeepNameserver {
 			const fallback = false
 			l.useUnencryptedDNS(fallback)
 		}
diff --git a/internal/dns/state/settings.go b/internal/dns/state/settings.go
index 302c0e7c..5eab8271 100644
--- a/internal/dns/state/settings.go
+++ b/internal/dns/state/settings.go
@@ -40,8 +40,6 @@ func (s *State) SetSettings(ctx context.Context, settings settings.DNS) (
 
 	// Restart
 	_, _ = s.statusApplier.ApplyStatus(ctx, constants.Stopped)
-	if *settings.ServerEnabled {
-		outcome, _ = s.statusApplier.ApplyStatus(ctx, constants.Running)
-	}
+	outcome, _ = s.statusApplier.ApplyStatus(ctx, constants.Running)
 	return outcome
 }
diff --git a/internal/vpn/tunnelup.go b/internal/vpn/tunnelup.go
index 009b9f3d..2149ea1d 100644
--- a/internal/vpn/tunnelup.go
+++ b/internal/vpn/tunnelup.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"net/netip"
 
-	"github.com/qdm12/dns/v2/pkg/check"
 	"github.com/qdm12/gluetun/internal/constants"
 	"github.com/qdm12/gluetun/internal/version"
 )
@@ -46,14 +45,7 @@ func (l *Loop) onTunnelUp(ctx, loopCtx context.Context, data tunnelUpData) {
 		return
 	}
 
-	if *l.dnsLooper.GetSettings().ServerEnabled {
-		_, _ = l.dnsLooper.ApplyStatus(ctx, constants.Running)
-	} else {
-		err := check.WaitForDNS(ctx, check.Settings{})
-		if err != nil {
-			l.logger.Error("waiting for DNS to be ready: " + err.Error())
-		}
-	}
+	_, _ = l.dnsLooper.ApplyStatus(ctx, constants.Running)
 
 	err = l.publicip.RunOnce(ctx)
 	if err != nil {