revert dns bugs

hw/vade/default.nix

@@ -40,30 +40,14 @@
     ''
   ];
 
-  # Internal Metacircular service addresses via /etc/hosts.
+  # Route internal Metacircular zones to rift's CoreDNS (MCNS precursor).
-  networking.hosts = {
+  # Uses systemd-resolved domain routing so rift handles only *.mcp.metacircular.net
-    "100.95.252.120" = [
+  # while DHCP/Tailscale DNS handles everything else.
-      "metacrypt.svc.mcp.metacircular.net"
+  networking.nameservers = [
-      "mcr.svc.mcp.metacircular.net"
+    "192.168.88.181"
-      "mcp-agent.svc.mcp.metacircular.net"
+    "100.95.252.120"
-      "rift.mcp.metacircular.net"
+  ];
+  services.resolved.domains = [
+    "~mcp.metacircular.net"
   ];
-  };
-
-  # Tailscale sets ~. (catch-all) on tailscale0, which hijacks all DNS
-  # queries — even when Tailscale is disconnected. Replace it with a
-  # specific routing domain so normal DNS resolution works.
-  systemd.services.fix-tailscale-dns = {
-    description = "Remove Tailscale DNS catch-all routing";
-    after = [ "network-online.target" "tailscaled.service" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
-    script = ''
-      ${pkgs.systemd}/bin/resolvectl domain tailscale0 ~scylla-hammerhead.ts.net
-    '';
-  };
 }