diff --git a/hw/rift/default.nix b/hw/rift/default.nix
index 25237e8..30d3b5d 100644
--- a/hw/rift/default.nix
+++ b/hw/rift/default.nix
@@ -7,5 +7,11 @@
   ];
 
   config = {
+    # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
+    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
+
+    # Open DNS port for LAN clients querying CoreDNS.
+    networking.firewall.allowedTCPPorts = [ 53 ];
+    networking.firewall.allowedUDPPorts = [ 53 ];
   };
 }
diff --git a/hw/vade/default.nix b/hw/vade/default.nix
index bd90145..4430184 100644
--- a/hw/vade/default.nix
+++ b/hw/vade/default.nix
@@ -38,4 +38,10 @@
       Driver "libinput"
     ''
   ];
+
+  # Use rift's CoreDNS (MCNS precursor) for internal service resolution.
+  networking.nameservers = [
+    "192.168.88.181"
+    "100.95.252.120"
+  ];
 }