diff --git a/hosts/common/optional/docker/default.nix b/hosts/common/optional/docker/default.nix
index 8d06604..9a7272a 100644
--- a/hosts/common/optional/docker/default.nix
+++ b/hosts/common/optional/docker/default.nix
@@ -17,6 +17,9 @@
     };
   };
 
+  # need to open firewall for dns resolving. see https://github.com/NixOS/nixpkgs/issues/226365#issuecomment-1814296639
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+
   environment.persistence."/persist" = {
     hideMounts = true;
     directories = [