From 9d01c268797900f599d15333c32b13979eaef4f2 Mon Sep 17 00:00:00 2001
From: Jake Ginesin <jakeginesin@gmail.com>
Date: Sat, 28 Jun 2025 01:55:45 -0400
Subject: [PATCH] 444 current  2025-06-28 01:55:23  25.05.20250424.f771eb4    
 6.12.24                          *

---
 system/services/dnsmasq/default.nix  | 14 ++++++++++++++
 system/services/resolved/default.nix |  3 +++
 system/services/services.nix         |  1 +
 3 files changed, 18 insertions(+)
 create mode 100644 system/services/dnsmasq/default.nix

diff --git a/system/services/dnsmasq/default.nix b/system/services/dnsmasq/default.nix
new file mode 100644
index 0000000..df5acb3
--- /dev/null
+++ b/system/services/dnsmasq/default.nix
@@ -0,0 +1,14 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.dnsmasq = {
+    enable = true;
+    resolveLocalQueries = true;
+    settings = {
+      listen-address = "127.0.0.1";
+      port = 53535; # anything that’s free
+    };
+  };
+}
diff --git a/system/services/resolved/default.nix b/system/services/resolved/default.nix
index 978a2fe..3201276 100644
--- a/system/services/resolved/default.nix
+++ b/system/services/resolved/default.nix
@@ -6,6 +6,9 @@
   networking.nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
 
   services.resolved = {
+    extraConfig = ''
+      DNS=127.0.0.1:53535           # resolved → dnsmasq, non-standard port OK
+    '';
     enable = true;
     dnssec = "true";
     domains = ["~."];
diff --git a/system/services/services.nix b/system/services/services.nix
index d90b107..02fc57d 100644
--- a/system/services/services.nix
+++ b/system/services/services.nix
@@ -8,5 +8,6 @@
     ./tailscale/default.nix
     ./syncthing/default.nix
     ./resolved/default.nix
+    ./dnsmasq/default.nix
   ];
 }