DNS not resolving during nixos builds

Suddenly my NixOS build is not capable of resolving DNS, as the message below shows:

trying https://github.com/catppuccin/starship/archive/5906cc369dd8207e063c0e6e2d27bd0c0b567cb8.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: github.com
Warning: Problem : timeout. Will retry in 1 second. 3 retries left.
curl: (6) Could not resolve host: github.com
Warning: Problem : timeout. Will retry in 2 seconds. 2 retries left.
curl: (6) Could not resolve host: github.com
Warning: Problem : timeout. Will retry in 4 seconds. 1 retry left.
curl: (6) Could not resolve host: github.com
error checking the existence of https://tarballs.nixos.org//sha256-FLHjbClpTqaK4n2qmepCPkb8rocaAo3qeV4Zp1hia0g=:
curl: (6) Could not resolve host: tarballs.nixos.org
error: cannot download source from any mirror

I’ve tried changing my DNS from Cloudflare to Google to OpenDNS; nothing seems to have worked. Using curl -v -L works on both URLs, as does accessing them by browser.

Things I’ve tried but nothing changed:

  • changed dns providers (using networking.nameservers)
  • Fully disabled ipv6 (when testing with curl, there was a first attempt to resolve IPv6 that always failed)

What worked:

  • Running nixos-rebuild with no sandbox: --option sandbox false

This happened once, but it felt like a blip in the DNS, as I retried a few hours later and it worked. Now it’s constant: I’ve been trying to rebuild this for two days and I get the same error.

Can you share the part where you set up your starship prompt, especially the catppuccin theme?

Share your DNS settings as well, especially if you’re using systemd-resolved as that has presentations like this on occasion.

DNS:
I didn’t have any DNS configuration in my nix files until this issue appeared; it was only the router DHCP DNS. This is my current network configuration:

  networking.useDHCP = lib.mkDefault true;

  networking.enableIPv6 = false;
  networking.nameservers = [
    "1.1.1.1"
    "1.0.0.1"
  ];
  networking.networkmanager = {
    enable = true;
    wifi = {
      macAddress = "preserve";
      scanRandMacAddress = false;
      powersave = false;
    };
  };

Starship/Catppuccin (home-manager):

Catppuccin comes from GitHub - catppuccin/nix: ❄️ Soothing pastel theme for Nix.

  programs.starship = {
    enable = true;
    enableZshIntegration = true;
  };

  catppuccin = {
    enable = true;
    flavor = "frappe";
    accent = "sky";
    gtk.icon.enable = true;
    delta.enable = true;
    bat.enable = true;
    ghostty.enable = true;
    btop.enable = true;
    firefox.enable = true;
    fzf.enable = true;
    kitty.enable = true;
    spotify-player.enable = true;
    starship.enable = true;
    zsh-syntax-highlighting.enable = true;
    mangohud.enable = false;
  };

The same issue happens with crates.io, when a rust dependency needs to be installed.

Hmmmm.

Looks like you’re using DHCP via NetworkManager. Does networking.nameservers override that? I don’t know.

cat /etc/resolv.conf
[das@l:~]$ nix-shell -p dig
these 2 paths will be fetched (1.35 MiB download, 4.41 MiB unpacked):
  /nix/store/4avybf0fh7bf2cxs2cjvd4h3g4krc9ck-bind-9.20.16-dnsutils
  /nix/store/mhl5gd5ky5rld8djl4hzpxpkj3pdhlpn-bind-9.20.16-lib
copying path '/nix/store/mhl5gd5ky5rld8djl4hzpxpkj3pdhlpn-bind-9.20.16-lib' from 'https://cache.nixos.org'...
copying path '/nix/store/4avybf0fh7bf2cxs2cjvd4h3g4krc9ck-bind-9.20.16-dnsutils' from 'https://cache.nixos.org'...

[nix-shell:~]$ dig github.com

; <<>> DiG 9.20.16 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37790
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;github.com.			IN	A

;; ANSWER SECTION:
github.com.		47	IN	A	140.82.114.3

;; Query time: 0 msec
;; SERVER: 172.16.50.1#53(172.16.50.1) (UDP)
;; WHEN: Thu Dec 18 15:06:22 PST 2025
;; MSG SIZE  rcvd: 55


[nix-shell:~]$ 

My DHCP is also configured to have the DNS set to 1.1.1.1 and 1.0.0.1.

Any attempt to resolve DNS through the terminal (via curl, dig or nslookup) is successful using the expected nameservers (Cloudflare).

Can you please cat a couple of files?

cat /etc/resolv.conf

cat /etc/nsswitch.conf

Can you try the dig command I showed?

dig output:

[nix-shell:~]$ dig github.com

; <<>> DiG 9.20.15 <<>> github.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44757
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;github.com.                    IN      A

;; ANSWER SECTION:
github.com.             17      IN      A       140.82.121.3

;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sun Dec 21 00:41:48 CET 2025
;; MSG SIZE  rcvd: 55

/etc/resolv.conf

# Generated by resolvconf
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0

/etc/nsswitch.conf

passwd:    files systemd
group:     files [success=merge] systemd
shadow:    files systemd
sudoers:   files

hosts:     mymachines mdns4_minimal [NOTFOUND=return] files myhostname dns mdns4
networks:  files

ethers:    files
services:  files
protocols: files
rpc:       files

Hmmm. So that looks totally fine to me. And the dig worked and in only 8ms, so that should be ok.

I guess another option would be to run a local caching resolver, but this shouldn’t really be required. e.g.