diff --git a/hosts/shared/network.nix b/hosts/shared/network.nix
index 9f560b6..cc6bfad 100644
--- a/hosts/shared/network.nix
+++ b/hosts/shared/network.nix
@@ -1,7 +1,7 @@
 { lib, ... }: {
 networking = {
 nameservers = [
- "10.10.10.10"
+ "10.10.10.11"
 ];
 useDHCP = lib.mkDefault false;
 };
diff --git a/hosts/shared/wireguard.nix b/hosts/shared/wireguard.nix
index 1cbc3dd..d89e772 100644
--- a/hosts/shared/wireguard.nix
+++ b/hosts/shared/wireguard.nix
@@ -16,6 +16,7 @@ in {
 nodeconfig.wireguard = {
 inherit interface-name;
+ dns = [ "10.10.10.11" ];
 endpoint = "165.232.180.97:51821";
 endpoint-publickey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
 allowed-ips = if hostName == "skipper" then [ "10.10.10.0/24" ] else [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ];
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index d33a08d..50344f6 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -37,6 +37,11 @@ let cfg = config.nodeconfig; in {
 default = "wg0";
 description = "Name of the WireGuard interface created";
 };
+ dns = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "list of DNS servers";
+ };
 allowed-ips = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 default = [ "10.0.0.0/24" "fd7c::/64" ];
@@ -56,7 +61,7 @@ let cfg = config.nodeconfig; in {
 interfaces = {
 "${cfg.wireguard.interface-name}" = {
 address = cfg.wireguard.node-ips;
- dns = [ "10.10.10.10" ];
+ dns = cfg.wireguard.dns;
 listenPort = cfg.wireguard.listen-port;
 privateKeyFile = cfg.wireguard.pk-file;
 peers = [
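Review bot: In hosts/shared/wireguard.nix the added `dns = [ "10.10.10.11" ];` names a resolver that the `else` branch of `allowed-ips`, three lines below it, does not cover, so every host other than skipper only permits 10.10.10.1 to 10.10.10.3 for the peer. How the module turns `allowed-ips` into peer entries is not visible in this diff, but if the list is passed through unchanged, queries to 10.10.10.11 would presumably either be dropped by WireGuard or leave by a non-tunnel route, depending on the interface prefix. If tunnel-only DNS is the intent, the resolver belongs in that list: `else [ "10.10.10.1" "10.10.10.2" "10.10.10.3" "10.10.10.11" ];`. The `nodeconfig.wireguard` attribute set continues past the end of the hunk.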
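Review bot: The `dns` option added in modules/wireguard.nix (hunk at -37,6) defaults to `[ ]`, while the interface previously always received the hard-coded list that the following hunk removes, so a host that imports the module without setting `nodeconfig.wireguard.dns` now comes up with no resolver on the tunnel and nothing reports it. The description should state this, for example `description = "DNS servers applied to the WireGuard interface; empty means none is configured. Each address must be covered by a peer's allowed-ips.";`. If a resolver is mandatory on this network, dropping the `default` line so that evaluation fails when the option is unset would be the safer choice. The enclosing options set starts and ends outside the hunk.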