NetworkManager ignores `/etc/resolv.conf`

theskpaul · February 26, 2026, 10:23pm

I recently switched to NixOS, and everything works well. But no matter how much I try, I can’t configure DNS. In Arch, I just added my DNS to /etc/resolv.conf, but here I have to declare it under networking.nameservers. I did that and also tried multiple other settings, but nothing works. Whenever I run a DNS leak test, I see several Google DNS servers and one or two Cloudflare servers instead of the nameservers I configured.

networking = {
  hostName = "Gingerbread"; # Define your hostname.
  useDHCP = false;
  dhcpcd.enable = false;
  nameservers = [
     "194.242.2.6"
     "2a07:e340::6"
     "1.1.1.3"
     "1.0.0.3"
     "2606:4700:4700::1113"
     "2606:4700:4700::1003"
  ];
  networkmanager = {
    enable = true;
    dns = "none";
    wifi.powersave = false;
  };
  nftables.enable = true;
};

Output of /etc/resolv.conf:

# Generated by resolvconf
nameserver 194.242.2.6
nameserver 2a07:e340::6
nameserver 1.1.1.3
nameserver 1.0.0.3
nameserver 2606:4700:4700::1113
nameserver 2606:4700:4700::1003
options edns0

Where I am doing wrong? Thanks in advance.

waffle8946 · February 26, 2026, 10:39pm

This will ignore the resolv.conf, so don’t do this.

theskpaul · February 27, 2026, 3:33am

I removed dns = "none", but there was no change — the DNS leak test still shows several Google and Cloudflare servers.

TLATER · February 27, 2026, 4:26am

Try with dig to verify your configuration first; browsers sometimes set up DoH these days.

theskpaul · February 27, 2026, 6:52am

To make it much more simple to debug, I removed most of the nameservers and kept only two:

nameservers = [
     "1.1.1.3"
     "1.0.0.3"
  ];

After that I ran dig nixos.org and got:

; <<>> DiG 9.20.18 <<>> nixos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16435
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c4d5a162e67c60ff0100000069a13e87f12a4410682e5dc4 (good)
;; QUESTION SECTION:
;nixos.org.			IN	A

;; ANSWER SECTION:
nixos.org.		1949	IN	A	99.83.231.61
nixos.org.		1949	IN	A	75.2.60.5

;; Query time: 71 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Fri Feb 27 12:19:43 IST 2026
;; MSG SIZE  rcvd: 98

theskpaul · February 27, 2026, 8:23am

Update:

this DNS server is appearing because I removed dns="none", that allows NetworkManager to edit /etc/resolv.conf, which adds 192.168.1.1 at the top of all of my nameservers in /etc/resolv.conf.

So, I re-added dns="none" and got:

; <<>> DiG 9.20.18 <<>> nixos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4826
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4716c6051efd4ea80100000069a151ce3db54dfd540a4da5 (good)
;; QUESTION SECTION:
;nixos.org.			IN	A

;; ANSWER SECTION:
nixos.org.		1300	IN	A	99.83.231.61
nixos.org.		1300	IN	A	75.2.60.5

;; Query time: 18 msec
;; SERVER: 1.1.1.3#53(1.1.1.3) (UDP)
;; WHEN: Fri Feb 27 13:41:58 IST 2026
;; MSG SIZE  rcvd: 98

As you can see, it’s now using 1.1.1.3 as set. I checked to make sure DoH is off in my browsers and it is set to use dns set on OS but still dnsleaktest shows a bunch of Google servers.