diff --git a/hosts/nas/modules/pyload.nix b/hosts/nas/modules/pyload.nix
index ecb44b0..dd1e65c 100644
--- a/hosts/nas/modules/pyload.nix
+++ b/hosts/nas/modules/pyload.nix
@@ -83,6 +83,14 @@ in
     };
 
     serviceConfig = {
+      # Bind-mount DNS configuration files into the sandboxed service
+      BindReadOnlyPaths = [
+        "/etc/resolv.conf"
+        "/etc/nsswitch.conf"
+        "/etc/hosts"
+        "/etc/ssl"
+        "/etc/static/ssl"
+      ];
       # Bind mount multimedia directory as writable for FileBot hook scripts
       BindPaths = [ "/var/lib/multimedia" ];