diff --git a/modules/wireguard/ehex.nix b/modules/wireguard/ehex.nix
index b3e5ce6..1b29b7c 100644
--- a/modules/wireguard/ehex.nix
+++ b/modules/wireguard/ehex.nix
@@ -1,5 +1,6 @@
 {
   lib,
+  pkgs,
   config,
   ...
 }: let
@@ -32,10 +33,8 @@ in {
         ips = cfg.ownIPs;
         privateKeyFile = cfg.privateKeyFile;
         postSetup = ''
-          printf "nameserver 10.0.66.10\nnameserver 10.0.66.12" | resolvconf -a wg-ehex -m 0 -x
-        '';
-        postShutdown = ''
-          resolvconf -d wg-ehex -f
+          ${pkgs.systemd}/bin/resolvectl dns wg-ehex 10.0.66.10 10.0.66.12
+          ${pkgs.systemd}/bin/resolvectl domain wg-ehex ehex.cloud
         '';
         peers = [
           {
diff --git a/modules/wireguard/private.nix b/modules/wireguard/private.nix
index ce960ac..06a55b4 100644
--- a/modules/wireguard/private.nix
+++ b/modules/wireguard/private.nix
@@ -57,7 +57,8 @@ in {
           + (
             if cfg.useDNS
             then ''
-              printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x
+              ${pkgs.systemd}/bin/resolvectl dns wg-private 10.13.12.7 fd00:b12f:acab:1312:acab:7::
+              ${pkgs.systemd}/bin/resolvectl domain wg-private ~.
             ''
             else ""
           )
@@ -76,9 +77,6 @@ in {
             ''
             else ""
           );
-        postShutdown = lib.mkIf cfg.useDNS ''
-          resolvconf -d wg-private -f
-        '';
         peers = [
           {
             # frikandel