Nix network fetches fail on first attempt after switching to channel 25.11 (DNS resolution errors)

After switching to the 25.11 channel, all Nix commands that require fetching remote resources fail on the first attempt, regardless of the source (cache.nixos.org, channels.nixos.org, GitHub for flakes, fetchTarball, etc.), but work on the second try.

The failure is always DNS-related, even though the host is reachable.

Example output:

   nix-shell-env
[nyxar@nixos cpp/gtk]$ nix develop .
warning: error: unable to download 'https://cache.nixos.org/h9z1br19b82swfb9w58gs4gccw39nzcw.narinfo': Could not resolve hostname (6) Could not resolve host: cache.nixos.org (DNS server refused query); retrying in 267 ms
warning: error: unable to download 'https://cache.nixos.org/h9z1br19b82swfb9w58gs4gccw39nzcw.narinfo': Could not resolve hostname (6) Could not resolve host: cache.nixos.org; retrying in 663 ms
warning: error: unable to download 'https://cache.nixos.org/h9z1br19b82swfb9w58gs4gccw39nzcw.narinfo': Could not resolve hostname (6) Could not resolve host: cache.nixos.org; retrying in 1084 ms
warning: error: unable to download 'https://cache.nixos.org/h9z1br19b82swfb9w58gs4gccw39nzcw.narinfo': Could not resolve hostname (6) Could not resolve host: cache.nixos.org; retrying in 2376 ms
error: unable to download 'https://cache.nixos.org/h9z1br19b82swfb9w58gs4gccw39nzcw.narinfo': Could not resolve hostname (6) Could not resolve host: cache.nixos.org

✗   nix-shell-env
[nyxar@nixos cpp/gtk]$ nix develop .
bash: /run/current-system/sw/bin/starship: No such file or directory

[nyxar@nixos:~/Programming/languages/cpp/gtk]$

What are the contents of /etc/resolv.conf? Have you set up any DNS servers on your computer, e.g. dnsmasq, unbound or systemd-resolved?

[nyxar@nixos nvim]$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.1.1
nameserver fe80::1%wlan0
options edns0

No, I didn't play with DNS settings at all.

:’)

Have you considered doing so and setting your primary nameserver to 1.1.1.1? Often people turn up with this question if they have a broken router configuration, and that config sets up DNS to ask your router (which is the default; normally you're "supposed" to get nameservers via DHCP).

Also consider using encrypted DNS via DoH or DoT; some networks do constant MitM attacks on your DNS traffic to prevent you from changing DNS servers without encryption.

There are good and bad reasons to do that, but if your config is already broken there’s no real reason to trust your router’s settings to do good things either.
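As an added example (not from anyone in this thread), here is a NixOS configuration.nix fragment that does what the reply above suggests: it shows the implicit default that produced the router-only resolv.conf quoted earlier, then pins public resolvers and enforces DNS-over-TLS through systemd-resolved. The Cloudflare DoT hostname one.one.one.one and the dhcpcd hook assumption are mine, not from the thread.

```nix
# Added example, not from the thread: a NixOS configuration.nix fragment.
# Top: the implicit default that yields the resolv.conf shown above
# (nameservers learned from the router via DHCP).
# Bottom: explicit upstream resolvers plus DNS-over-TLS via systemd-resolved.
{ config, lib, pkgs, ... }:

{
  # --- Before (implicit default): nothing set, so the DHCP client's
  # resolvconf hook writes the router (192.168.1.1) into /etc/resolv.conf.
  # networking.nameservers = [ ];

  # --- After: explicit upstream resolvers. The "#name" suffix is the
  # systemd-resolved syntax naming the TLS certificate expected for DoT,
  # so it only makes sense together with services.resolved below.
  networking.nameservers = [
    "1.1.1.1#one.one.one.one"
    "1.0.0.1#one.one.one.one"
  ];

  # Stop dhcpcd from appending the router's resolver behind them.
  # Assumption: dhcpcd manages the interface, which the
  # "Generated by resolvconf" header in the thread suggests.
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  # Run systemd-resolved as the local stub resolver so DoT can be enforced.
  services.resolved = {
    enable = true;
    # "true" refuses plaintext fallback; "opportunistic" would silently
    # downgrade to unencrypted DNS if the TLS handshake fails.
    dnsovertls = "true";
  };
}

# Verify after `nixos-rebuild switch`:
#   resolvectl status             # expect "+DNSOverTLS" and the pinned servers
#   resolvectl query cache.nixos.org
```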