diff --git a/install/config/config.sh b/install/config/config.sh
index 2f420e8d..f42f96f9 100644
--- a/install/config/config.sh
+++ b/install/config/config.sh
@@ -29,6 +29,9 @@ sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1
 # Set Cloudflare as primary DNS (with Google as backup)
 sudo cp ~/.local/share/omarchy/default/systemd/resolved.conf /etc/systemd/
+# Ensure /etc/resolv.conf is symlinked to systemd-resolved's stub resolver
+sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+
 # Solve common flakiness with SSH
 echo "net.ipv4.tcp_mtu_probing=1" | sudo tee -a /etc/sysctl.d/99-sysctl.conf
diff --git a/install/development/docker.sh b/install/development/docker.sh
index 14220d98..3dc420d6 100644
--- a/install/development/docker.sh
+++ b/install/development/docker.sh
@@ -2,9 +2,22 @@
 yay -S --noconfirm --needed docker docker-compose docker-buildx
-# Limit log size to avoid running out of disk
+# Configure Docker daemon:
+# - limit log size to avoid running out of disk
+# - use host's DNS resolver
 sudo mkdir -p /etc/docker
-echo '{"log-driver":"json-file","log-opts":{"max-size":"10m","max-file":"5"}}' | sudo tee /etc/docker/daemon.json
+sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
+{
+ "log-driver": "json-file",
+ "log-opts": { "max-size": "10m", "max-file": "5" },
+ "dns": ["172.17.0.1"],
+ "bip": "172.17.0.1/16"
+}
+EOF
+
+# Expose systemd-resolved to our Docker network
+echo -e '[Resolve]\nDNSStubListenerExtra=172.17.0.1' | sudo tee /etc/systemd/resolved.conf.d/20-docker-dns.conf >/dev/null
+sudo systemctl restart systemd-resolved
 # Start Docker automatically
 sudo systemctl enable docker
diff --git a/migrations/1754984623.sh b/migrations/1754984623.sh
new file mode 100644
index 00000000..e5894a4a
--- /dev/null
+++ b/migrations/1754984623.sh
@@ -0,0 +1,3 @@
+echo "Ensure DNS resolver configuration is properly symlinked"
+
+sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
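Review bot: The added `sudo ln -sf` in install/config/config.sh replaces whatever is at /etc/resolv.conf without confirming that systemd-resolved is enabled. The visible context only copies resolved.conf, so if the unit is not started elsewhere the link points at a path under /run that does not exist and name resolution stops. I would gate it, for example `systemctl is-enabled --quiet systemd-resolved && sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`, or enable the unit first. The same line in migrations/1754984623.sh runs on machines already in use, where the file may be maintained by a VPN client or another network manager, so there it is worth keeping a backup when the existing path is a regular file rather than a symlink.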
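Review bot: In install/development/docker.sh the drop-in write to /etc/systemd/resolved.conf.d/20-docker-dns.conf has no matching directory creation, unlike /etc/docker earlier in the same hunk. If that directory is absent the `tee` fails, the resolver never listens on 172.17.0.1, and containers are left with a `dns` entry that nothing answers. Add `sudo mkdir -p /etc/systemd/resolved.conf.d` before it; migrations/1754984734.sh has the same gap. A comment should also record that `DNSStubListenerExtra=172.17.0.1` makes the host resolver, including any split-DNS or VPN-only names it can resolve, reachable from every container on the default bridge, and that a host firewall, if one is in place, has to allow port 53 on that bridge. `printf '[Resolve]\nDNSStubListenerExtra=172.17.0.1\n'` would avoid depending on `echo -e`.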
diff --git a/migrations/1754984734.sh b/migrations/1754984734.sh
new file mode 100644
index 00000000..fc39b17e
--- /dev/null
+++ b/migrations/1754984734.sh
@@ -0,0 +1,21 @@
+echo "Configure Docker to use the host's DNS resolver"
+
+# If the daemon configuration has been changed since we wrote it, leave it as-is
+ORIGINAL_CONFIG='{"log-driver":"json-file","log-opts":{"max-size":"10m","max-file":"5"}}'
+
+NEW_CONFIG='{
+ "log-driver": "json-file",
+ "log-opts": { "max-size": "10m", "max-file": "5" },
+ "dns": ["172.17.0.1"],
+ "bip": "172.17.0.1/16"
+}'
+
+if grep -Fq "$ORIGINAL_CONFIG" /etc/docker/daemon.json 2>/dev/null; then
+ echo "$NEW_CONFIG" | sudo tee /etc/docker/daemon.json >/dev/null
+fi
+
+# Expose systemd-resolved to our Docker network
+echo -e '[Resolve]\nDNSStubListenerExtra=172.17.0.1' | sudo tee /etc/systemd/resolved.conf.d/20-docker-dns.conf >/dev/null
+
+sudo systemctl restart systemd-resolved
+sudo systemctl restart docker
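Review bot: Only the daemon.json rewrite is guarded by the `grep -Fq "$ORIGINAL_CONFIG"` check; the resolved drop-in and both restarts below the `fi` run unconditionally. On a machine whose daemon.json was customised and is therefore left alone, or where the file does not exist, the host resolver still gains a listener on 172.17.0.1 that no Docker setting points at. `sudo systemctl restart docker` then interrupts running containers although nothing changed for them. I would move the drop-in write and the two `systemctl restart` lines inside the `if` block, so the migration either applies the whole change or none of it.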