diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index d3a65bd4c..7373592a5 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
@@ -58,6 +58,8 @@ in {
             pkgs.jq
           ];
           networking.useDHCP = lib.mkForce true;
+          networking.useHostResolvConf = false;
+          services.resolved.enable = true;
           systemd.services.autoswitch = {
             environment = {
               NIX_REMOTE = "daemon";
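Review bot: The two added lines in the container config have no comment explaining that the container now resolves names through its own systemd-resolved instead of the host's resolv.conf. With `networking.useDHCP` forced on just above, the upstream resolver is whatever the ctr0 DHCP server announces, which a later hunk in this commit sets to a fixed address. That coupling is not visible from this spot, so a short comment would help, e.g. `# DNS comes from the ctr0 DHCP lease (see dhcpServerConfig.DNS), not from the host's resolv.conf`. The surrounding attribute set starts and ends outside the hunk.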
@@ -297,9 +299,6 @@ in {
     (lib.mkIf (cfg.containers != {}) {
       # networking
 
-      # needed because otherwise we lose local dns
-      environment.etc."resolv.conf".source = lib.mkForce "/run/systemd/resolve/resolv.conf";
-
       boot.kernel.sysctl."net.ipv4.ip_forward" = lib.mkForce 1;
       systemd.network.networks.ctr0 = {
         name = "ctr0";
@@ -312,6 +311,9 @@ in {
           ConfigureWithoutCarrier = true;
           DHCPServer = "yes";
         };
+        dhcpServerConfig = {
+          DNS = "9.9.9.9";
+        };
       };
       systemd.network.netdevs.ctr0.netdevConfig = {
         Kind = "bridge";
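Review bot: `DNS = "9.9.9.9";` in `dhcpServerConfig` hard-codes a single public resolver for every container on ctr0. The comment removed in the previous hunk says the old setup existed to keep local DNS, so names that only the host's resolver knows will probably stop resolving inside containers. Container lookups will also go to a third party, unencrypted as far as this diff shows, and there is no second server if that one is unreachable. Consider exposing the value as a module option that defaults to the current address, so deployments with an internal resolver can override it. If the literal stays, add a comment such as `# containers use a public resolver; host-local names are not resolvable inside them`.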
@@ -344,6 +346,12 @@ in {
 
       networking.useHostResolvConf = false;
       networking.useNetworkd = true;
+      services.resolved = {
+        enable = true;
+        extraConfig = ''
+          Domains=~.
+        '';
+      };
       systemd.network = {
         enable = true;
         networks.eth0 = {
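Review bot: `Domains=~.` in `services.resolved.extraConfig` is added without a comment, and its effect is not obvious from the hunk. In resolved.conf this routing domain makes the globally configured DNS servers preferred for all names, but no `DNS=` line is set here. Unless global servers are configured outside the visible lines, the setting may not change which resolver answers queries on eth0. Please add a comment stating the intent, e.g. `# route all lookups via the global resolver, not per-link DNS`, and set `DNS=` next to it if that is the goal. The enclosing block starts outside the hunk, so it is unclear from here whether this applies to the host or the container side.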