{ pkgs, lib, config, ... }:
# NixOS module: enables systemd-resolved with the link-local name protocols
# (LLMNR, MulticastDNS) switched off, and declares the nftables chains meant
# to carry its traffic. Every rule inside those chains is commented out.
{
  services.resolved.enable = true;

  # "~." is the routing-only domain for the DNS root, so the globally
  # configured DNS servers are preferred for every name.
  services.resolved.domains = [ "~." ];

  # A list holding one empty string rather than an empty list: presumably
  # meant to render an empty FallbackDNS= so resolved has no built-in servers
  # to fall back on. Confirm against the generated resolved.conf.
  services.resolved.fallbackDns = [ "" ];

  # Strict validation: answers that fail DNSSEC checks are rejected and there
  # is no downgrade to unvalidated lookups (that would be "allow-downgrade").
  services.resolved.dnssec = "true";

  # Only a default. Unless another module overrides it, queries leave the host
  # unencrypted; DNSSEC authenticates answers but does not hide queried names.
  services.resolved.dnsovertls = lib.mkDefault "false";

  # LLMNR is the legacy link-local protocol, superseded by MulticastDNS, and
  # its answers are unauthenticated. Kept off.
  services.resolved.llmnr = "false";

  # MulticastDNS is off as well. mkDefault lets a host that needs mDNS supply
  # its own extraConfig; the commented mdns rules below would then be needed.
  services.resolved.extraConfig = lib.mkDefault ''
    MulticastDNS=false
  '';

  # Chains for resolved traffic in the `inet filter` table. The leading `#` on
  # each rule is an nft comment inside a Nix string, so Nix still evaluates the
  # ${config.users.users.systemd-resolve.name} interpolations and that user
  # entry must be defined for this module to evaluate.
  # No hook or policy is declared in this file: whether DNS from resolved is
  # accepted or dropped is decided by the rest of the ruleset (not shown here).
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-lan {
        #udp dport mdns counter accept comment "systemd-resolved: MulticastDNS"
      }
      chain output-lan {
        #skuid ${config.users.users.systemd-resolve.name} udp sport mdns udp dport mdns counter accept comment "MulticastDNS"
        #meta l4proto { udp, tcp } th dport domain skuid ${config.users.users.systemd-resolve.name} counter accept comment "systemd-resolved: DNS"
      }
      chain output-net {
        #meta l4proto { udp, tcp } th dport domain skuid ${config.users.users.systemd-resolve.name} counter accept comment "systemd-resolved: DNS"
      }
    }
  '';
}