From 73be02eaaede0c7081b4c37f8e058de7bd4f2cda Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Wed, 25 Mar 2026 19:22:35 -0700
Subject: [PATCH] vade: route mcp.metacircular.net zone to rift via resolved

Link-level DNS from DHCP and Tailscale takes priority over global
nameservers in systemd-resolved. Use domain routing (~mcp.metacircular.net)
so resolved sends only internal zone queries to rift's CoreDNS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 hw/vade/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/vade/default.nix b/hw/vade/default.nix
index 4430184..cc9f0da 100644
--- a/hw/vade/default.nix
+++ b/hw/vade/default.nix
@@ -39,9 +39,14 @@
     ''
   ];
 
-  # Use rift's CoreDNS (MCNS precursor) for internal service resolution.
+  # Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
+  # Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
+  # while DHCP/Tailscale DNS handles everything else.
   networking.nameservers = [
     "192.168.88.181"
     "100.95.252.120"
   ];
+  services.resolved.domains = [
+    "~mcp.metacircular.net"
+  ];
 }