fix(sj-srv1,containers, systemd-resolved): resolve via dhcp, host, and never use fallbacks

nix/os/devices/sj-srv1/system.nix

@@ -11,6 +11,23 @@
 in {
   imports = [
     ../../snippets/systemd-resolved.nix
+    {
+      # make sure it uses the DNS that comes in via DHCP
+      networking.nameservers = lib.mkForce [];
+      services.resolved.enable = true;
+
+      # provide DNS to the containers
+      services.resolved.extraConfig = ''
+        DNSStubListenerExtra=${hostBridgeAddress}
+      '';
+      networking.firewall.interfaces.br0.allowedTCPPorts = [53];
+      networking.firewall.interfaces.br0.allowedUDPPorts = [53];
+    }
+  ];
+
+  programs.wireshark.enable = true;
+  environment.systemPackages = [
+    pkgs.dnsutils
   ];
 
   networking.firewall.enable = true;
@@ -83,6 +100,9 @@ in {
     enable = true;
     matchConfig.Name = "dmz0";
     DHCP = "yes";
+
+    dhcpV4Config.UseDNS = true;
+    dhcpV6Config.UseDNS = true;
   };
 
   boot.kernel.sysctl = {
@@ -134,6 +154,7 @@ in {
     mailserver = import ../../containers/mailserver.nix {
       specialArgs = {
         inherit repoFlake nodeFlake;
+        hostAddress = hostBridgeAddress;
       };
 
       autoStart = true;
@@ -151,6 +172,7 @@ in {
       {
         specialArgs = {
           inherit repoFlake nodeFlake;
+          hostAddress = hostBridgeAddress;
         };
 
         autoStart = true;
@@ -167,6 +189,7 @@ in {
     syncthing = import ../../containers/syncthing.nix {
       specialArgs = {
         inherit repoFlake nodeFlake;
+        hostAddress = hostBridgeAddress;
       };
       autoStart = true;