From f406d0f98d8c96266bbbda746c95a699c8b43535 Mon Sep 17 00:00:00 2001
From: Daniel Lundin <dln@arity.se>
Date: Sun, 10 Nov 2024 14:19:29 +0100
Subject: [PATCH] network: disable systemd-resolved fallback dns

This might not be the best idea, but serves as a reminder to consider
sensitive deployments in the future.
---
 modules/network.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/network.nix b/modules/network.nix
index 2937276..2c91f1a 100644
--- a/modules/network.nix
+++ b/modules/network.nix
@@ -8,6 +8,10 @@
     firewall.enable = false;
   };
 
+  services.resolved = {
+    fallbackDns = [ ];  # Disable fallback DNS. DNS will fail if resolvers are unconfigured
+  };
+
   # Faster boot.
   systemd.network.wait-online.enable = false;
 }
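Review bot: The added `services.resolved` block only takes effect when resolved is enabled, and nothing in the hunk shows `services.resolved.enable` being set; if it is not enabled elsewhere (the module's attribute set starts above the hunk), the `fallbackDns = [ ];` line is silently a no-op. The inline comment could also record why the value is an empty list rather than null, e.g. `# Empty list (not null) overrides the compiled-in fallback servers, so lookups fail closed instead of going to third-party resolvers`. For the sensitive deployments the commit message mentions, LLMNR is a separate path by which queried names can leave the host, so `services.resolved.llmnr = "false";` may be worth setting next to this line.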