diff --git a/nixos/network/config.nix b/nixos/network/config.nix
index 4306762..4bb0240 100644
--- a/nixos/network/config.nix
+++ b/nixos/network/config.nix
@@ -68,7 +68,7 @@ let
         dhcp-range=${lanInterfaceName},${dhcpStartAddress},${dhcpEndAddress},${netmask},12h
         domain=${lanDomainName},${lanInterfaceName}
         dhcp-option=${lanInterfaceName},option:classless-static-route,${lib.concatStringsSep "," (builtins.map (route: "${route},${lanInterfaceIPAddress}") (builtins.filter (route: route != lanCfg.ipv4.range) staticRoutes))}
-      '' + (lib.optionalString (lanCfg.ipv4.dns.upstream != []) ("dhcp-option=${lanInterfaceName},option:dns-server,${(lib.concatStringsSep "," lanCfg.ipv4.dns.upstream)}\n"));
+      '' + (lib.optionalString (lanCfg.ipv4.dhcp.dns.nameservers != []) ("dhcp-option=${lanInterfaceName},option:dns-server,${(lib.concatStringsSep "," lanCfg.ipv4.dhcp.dns.nameservers)}\n"));
     in
     lanCfg // {
       createIface = createLanInterface;
@@ -77,10 +77,10 @@ let
       domain = lanDomainName;
     };
 
-  mkLansService = networkName: wanIPv4Range: lansCfg:
+  mkLansService = networkName: wanCfg: lansCfg:
     let
       dhcpLeaseFile="/tmp/vmix/lans.${networkName}.dhcp.leases";
-      staticRoutes = [ wanIPv4Range ] ++ (builtins.map (lanCfg: lanCfg.ipv4.range) (lib.attrValues lansCfg));
+      staticRoutes = [ wanCfg.ipv4.range ] ++ (builtins.map (lanCfg: lanCfg.ipv4.range) (lib.attrValues lansCfg));
       lansList = lib.attrValues(lib.mapAttrs (mkLan networkName staticRoutes) lansCfg);
       dnsmasqConf = pkgs.writeText "dnsmasq-${networkName}.conf" (''
         except-interface=lo
@@ -90,6 +90,9 @@ let
         expand-hosts
         dhcp-leasefile=${dhcpLeaseFile}
         filter-AAAA
+        address=/host/${calc.cidr.host 1 wanCfg.ipv4.range}
+        no-resolv
+        ${lib.concatStringsSep "\n" (builtins.map (nameserver: "server=${nameserver}") wanCfg.dns.nameservers)}
       '' + (lib.concatMapStrings (lan: lan.dnsmasqConf) lansList)
       );
 
@@ -188,9 +191,10 @@ let
     let
       netCfg = cfg // { name = networkName; };
       vethIPv4RangeForWan = mkVethIPv4Range netCfg.index vmixCfg.global.net.wan.ipv4.range;
+      wanCfg = netCfg.wan // { ipv4.range = vethIPv4RangeForWan; lanRanges = builtins.map (lan: lan.ipv4.range) (lib.attrValues netCfg.lans); };
     in
-    (mkLansService netCfg.name vethIPv4RangeForWan netCfg.lans)
-    // (mkWanService netCfg.name (netCfg.wan // { ipv4.range = vethIPv4RangeForWan; lanRanges = builtins.map (lan: lan.ipv4.range) (lib.attrValues netCfg.lans); }))
+    (mkLansService netCfg.name wanCfg netCfg.lans)
+    // (mkWanService netCfg.name wanCfg)
     // (lib.concatMapAttrs (mkMacvlanService netCfg.name) netCfg.bridges.macvlans);
 
   networkNames = builtins.attrNames vmixCfg.networks;
diff --git a/nixos/network/options.nix b/nixos/network/options.nix
index fda4ba9..5e98b57 100644
--- a/nixos/network/options.nix
+++ b/nixos/network/options.nix
@@ -69,6 +69,18 @@ with vmixLib.network;
         default = true;
       };
 
+      dns.nameservers = mkOption {
+        type = types.listOf (types.strMatching regex.ipv4);
+        default = [];
+        description = "List of IP Addresses of DNS servers to use as upstream DNS servers in the DHCP/DNS server. If left empty, it will use host's DNS servers";
+      };
+
+      dns.useHostResolvConf = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to use host's /etc/resolv.conf for upstream DNS queries.";
+      };
+
       host.wan.enable = mkOption {
         type = types.bool;
         default = true;
@@ -93,6 +105,16 @@ with vmixLib.network;
         type = types.bool;
         default = true;
       };
+
+      host.self.dns.addNSLansResolver = mkOption {
+        type = types.bool;
+        default = true;
+      };
+
+      host.self.addNSLansRoutes = mkOption {
+        type = types.bool;
+        default = true;
+      };
     };
 
     lans = mkOption {
@@ -133,19 +155,19 @@ with vmixLib.network;
             default = null;
           };
 
-          dns.upstream = mkOption {
+          dhcp.dns.resolver.enable = mkOption {
+            type = types.bool;
+            default = true;
+            description = "Add dnsmasq's built in resolver to lan clients DHCP responses";
+          };
+
+          dhcp.dns.nameservers = mkOption {
             type = types.listOf (types.strMatching regex.ipv4);
             default = [];
             description = "List of IP Addresses of DNS servers to use as upstream DNS servers in the DHCP/DNS server. If left empty, it will use host's DNS servers";
           };
 
-          dns.useHostResolvConf = mkOption {
-            type = types.bool;
-            default = true;
-            description = "Whether to use host's /etc/resolv.conf for upstream DNS queries.";
-          };
-
-          dns.zonefiles = mkOption {
+          dhcp.dns.zonefiles = mkOption {
             default = null;
             description = "Additional zonefiles to add for the DNS server";
           };