diff --git a/ansible/playbooks/roles/vhosts/common/tasks/disable-systemd-resolved.yml b/ansible/playbooks/roles/vhosts/common/tasks/disable-systemd-resolved.yml
new file mode 100644
index 00000000..2ff43ff3
--- /dev/null
+++ b/ansible/playbooks/roles/vhosts/common/tasks/disable-systemd-resolved.yml
@@ -0,0 +1,27 @@
+- name: Stop systemd-resolved
+  systemd:
+    name: systemd-resolved
+    state: stopped
+    enabled: no
+
+- name: Remove /etc/resolv.conf if it's a symlink
+  file:
+    path: /etc/resolv.conf
+    state: absent
+    force: true
+
+- name: Create static /etc/resolv.conf
+  copy:
+    dest: /etc/resolv.conf
+    content: |
+      nameserver 8.8.8.8
+      nameserver 1.1.1.1
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Optionally make resolv.conf immutable to prevent changes
+  command: chattr +i /etc/resolv.conf
+  args:
+    warn: false
+  when: make_resolv_conf_immutable | default(false)
diff --git a/ansible/playbooks/roles/vhosts/common/tasks/main.yml b/ansible/playbooks/roles/vhosts/common/tasks/main.yml
index acf68fe9..8cfd29a5 100644
--- a/ansible/playbooks/roles/vhosts/common/tasks/main.yml
+++ b/ansible/playbooks/roles/vhosts/common/tasks/main.yml
@@ -13,10 +13,14 @@
 - name: Run secure_ssh.sh script
   script: files/secure_ssh.sh
 
+- name: Disable systemd-resolved and set static DNS
+  include_tasks: disable-systemd-resolved.yml
+
 - name: Install packages
   script: files/install-packages.sh
   when: (ansible_facts['distribution'] == "Ubuntu") or (ansible_facts['distribution'] == "Debian")
 
+
 #- name: Include GPU Configuration
 #  include_tasks: include_gpu.yaml
 #  when: (ansible_facts['distribution'] == "Ubuntu") or (ansible_facts['distribution'] == "Debian")