From a1c59deb0bc4155700cbbed2270d7a6ead976853 Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Thu, 26 Mar 2026 21:54:00 -0700
Subject: [PATCH] Disable Tailscale DNS management on vade to fix DNS timeout

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 hw/vade/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/vade/default.nix b/hw/vade/default.nix
index f57d09c..0a5bb97 100644
--- a/hw/vade/default.nix
+++ b/hw/vade/default.nix
@@ -40,6 +40,10 @@
     ''
   ];
 
+  # Prevent Tailscale from setting a ~. catch-all on tailscale0,
+  # which hijacks all DNS queries through systemd-resolved.
+  services.tailscale.extraUpFlags = ["--accept-dns=false"];
+
   # Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
   # Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
   # while DHCP/Tailscale DNS handles everything else.