Right, you got into a weird state at that point: the resolver didn’t read from its
/tmp/kresd/tty/* socket, yet apparently the process was still alive (I’ve never seen such a combination) and it was replying
SERVFAIL to all DNS requests. Due to the dead tty socket kresd couldn’t be reconfigured alive, so the logs show basically nothing about its state, unfortunately… therefore ATM I see no leads how to find what exactly was wrong.
The command returns the new “verbosity level”, i.e. it meant you turned that on successfully. The logs you sent me seemed like DNS worked OK in that state. I can’t judge whether it was just because the process got restarted (that’s what happens when you change its configuration) or because of the actual config changes.
Using ISP’s DNS without validating its DNSSEC signatures – that’s probably the least problematic setup, i.e. closest to what other customers of the ISP get. Well, Foris explains what DNSSEC is about. Forwarding to ISP servers does break DNSSEC sometimes, depending on the brokenness of their servers, but as you’re changing the ISP now, it’s probably not worth getting details until you’ve changed. Again, verbose logs almost always show us why exactly resolution fails.