Sound good on the first reading. But this only works if the node can reach the netmaker server. If have a vpn where the nodes cannot reach netmaker via wireguard ports this might fail. It is a bit theoretical, but may happen ( as the islocal setting for the network) But on the other hand netmaker could recognize that and prevent setting dns via resolvectl on these servers