diff --git a/kernel/build/config-amd64 b/kernel/build/config-amd64
index 07c5fd5c..4014dd6a 100644
--- a/kernel/build/config-amd64
+++ b/kernel/build/config-amd64
@@ -5256,8 +5256,8 @@ CONFIG_IOMMU_IO_PGTABLE=y
 # end of Generic IOMMU Pagetable Support
 
 # CONFIG_IOMMU_DEBUGFS is not set
-CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
-# CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set
+# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
+CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
 # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
 CONFIG_IOMMU_DMA=y
 CONFIG_IOMMU_SVA=y
diff --git a/kernel/build/config-arm64 b/kernel/build/config-arm64
index f200728a..963f7c3d 100644
--- a/kernel/build/config-arm64
+++ b/kernel/build/config-arm64
@@ -6979,8 +6979,8 @@ CONFIG_IOMMU_IO_PGTABLE_LPAE=y
 # end of Generic IOMMU Pagetable Support
 
 # CONFIG_IOMMU_DEBUGFS is not set
-CONFIG_IOMMU_DEFAULT_DMA_STRICT=y
-# CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set
+# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set
+CONFIG_IOMMU_DEFAULT_DMA_LAZY=y
 # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set
 CONFIG_OF_IOMMU=y
 CONFIG_IOMMU_DMA=y
diff --git a/kernel/build/scripts/filter-hardened-check.py b/kernel/build/scripts/filter-hardened-check.py
index 7922dd66..d482d098 100644
--- a/kernel/build/scripts/filter-hardened-check.py
+++ b/kernel/build/scripts/filter-hardened-check.py
@@ -32,6 +32,7 @@
     'CONFIG_SPECULATION_MITIGATIONS', # Renamed in the kernel to 'CONFIG_CPU_MITIGATIONS'
     'CONFIG_EFI_DISABLE_PCI_DMA', # enabling this breaks boot with no visible error messages to debug (https://github.com/siderolabs/talos/issues/8743)
     'CONFIG_INET_DIAG', # last vulnerability prior to v4.1. Required for CNIs such as Cilium to terminate sockets. (https://github.com/siderolabs/pkgs/issues/1028)
+    'CONFIG_IOMMU_DEFAULT_DMA_STRICT', # performance impact https://github.com/siderolabs/talos/issues/9531
 }
 
 """