diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix
index 282d49b..479c8cb 100644
--- a/hosts/nuc/modules/adguard/default.nix
+++ b/hosts/nuc/modules/adguard/default.nix
@@ -1,5 +1,7 @@
 { ... }:
 {
+  networking.firewall.allowedTCPPorts = [53];
+  networking.firewall.allowedUDPPorts = [53];
   services.adguardhome = {
     enable = true;
     openFirewall = true;
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 845a03a..826726f 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -5,6 +5,15 @@
     useNetworkd = true;
     enableIPv6 = true;
   };
+  services.resolved = {
+    enable = true;
+    # make room for the adguard dns
+    extraConfig = ''
+      [Resolve]
+      DNS=127.0.0.1
+      DNSStubListener=no
+    '';
+  };
   systemd.network = {
     enable = true;
     networks."10-loopback" = {