diff --git a/infra/common/nixos/networking.nix b/infra/common/nixos/networking.nix
index 3ce6d0bd..0a703e9c 100644
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@@ -21,13 +21,8 @@ in
         ## REVIEW: Do we actually need that, considering that we have static IPs?
         useDHCP = mkDefault true;
 
-        nameservers = [
-          "95.215.185.6"
-          "95.215.185.7"
-          "2a00:51c0::5fd7:b906"
-          "2a00:51c0::5fd7:b907"
-        ];
-
+        ## Disable the default firewall and use nftables instead, with a custom
+        ## Procolix-made ruleset.
         firewall.enable = false;
         nftables = {
           enable = true;
@@ -44,6 +39,10 @@ in
           address = config.fediversityVm.ipv4.gateway;
           interface = config.fediversityVm.ipv4.interface;
         };
+        nameservers = [
+          "95.215.185.6"
+          "95.215.185.7"
+        ];
       })
 
       ## IPv6
@@ -55,6 +54,10 @@ in
           address = config.fediversityVm.ipv6.gateway;
           interface = config.fediversityVm.ipv6.interface;
         };
+        nameservers = [
+          "2a00:51c0::5fd7:b906"
+          "2a00:51c0::5fd7:b907"
+        ];
       })
     ];
   };