From 674b54e92dc9bdab1547b037c96edc3e6eaa6a3c Mon Sep 17 00:00:00 2001
From: reidlab <reidlab325@gmail.com>
Date: Tue, 9 Jun 2026 10:11:09 -0700
Subject: [PATCH] dns

---
 modules/hardware/networking.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/modules/hardware/networking.nix b/modules/hardware/networking.nix
index 68e79b9..9ba3b35 100644
--- a/modules/hardware/networking.nix
+++ b/modules/hardware/networking.nix
@@ -20,6 +20,7 @@ in {
       wifi.powersave = cfg.powersave;
     };
 
+
     services.resolved.enable = true;
     services.resolved.settings.Resolve.DNSSEC = "allow-downgrade";
     services.resolved.settings.Resolve.DNSOverTLS = "opportunistic";
@@ -27,6 +28,19 @@ in {
     networking.wireless.iwd.enable = true;
     networking.wireless.iwd.settings.Settings.AutoConnect = true;
 
+    # guest wifis are extremely invasive with dns takeover
+    # lets just bypass that !
+    networking.nameservers = [
+      "1.1.1.1#cloudflare-dns.com"
+      "8.8.8.8#dns.google"
+      "1.0.0.1#cloudflare-dns.com"
+      "8.8.4.4#dns.google"
+      "2606:4700:4700::1111#cloudflare-dns.com"
+      "2001:4860:4860::8888#dns.google"
+      "2606:4700:4700::1001#cloudflare-dns.com"
+      "2001:4860:4860::8844#dns.google"
+    ];
+
     # default startup time is Slowww
     systemd.services.NetworkManager-wait-online.enable = false;
   };