From d9a85536a222987a733faf712de44144b41e843a Mon Sep 17 00:00:00 2001
From: SebastianStork <git@sstork.dev>
Date: Wed, 4 Mar 2026 15:58:54 +0100
Subject: [PATCH] underlay: Refuse DNS servers from DHCP

---
 modules/nixos/networking/underlay.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/nixos/networking/underlay.nix b/modules/nixos/networking/underlay.nix
index 20f9efa..94f7401 100644
--- a/modules/nixos/networking/underlay.nix
+++ b/modules/nixos/networking/underlay.nix
@@ -51,6 +51,7 @@ in
           matchConfig.Name = cfg.interface;
           linkConfig.RequiredForOnline = "routable";
           networkConfig.DHCP = lib.mkIf cfg.useDhcp "yes";
+          dhcpV4Config.UseDNS = lib.mkIf cfg.useDhcp false;
           address = lib.optional (cfg.cidr != null) cfg.cidr;
           routes = lib.optional (cfg.gateway != null) {
             Gateway = cfg.gateway;