diff --git a/modules/services/hickory-dns/default.nix b/modules/services/hickory-dns/default.nix
index f5fb3a04f..462b4fa18 100644
--- a/modules/services/hickory-dns/default.nix
+++ b/modules/services/hickory-dns/default.nix
@@ -61,7 +61,9 @@ let
 type = types.bool;
 default = false;
 description = ''
- act as a recursive resolver
+ act as a recursive resolver.
+
+ WARNING: the recursive resolver feature is beta, there are *many* domains that it simply fails to resolve.
 '';
 };
 extraConfig = mkOption {
@@ -202,59 +204,60 @@ in
 # - see:
 # services.hickory-dns.debug = true;
- services.hickory-dns.package = pkgs.hickory-dns.override {
- rustPlatform.buildRustPackage = args: pkgs.rustPlatform.buildRustPackage (args // {
- buildFeatures = [
- # to find available features: `rg 'feature ='`
- "dnssec" #< else the recursor doesn't compile
- # "dnssec-openssl" #< else dnssec doesn't compile
- "dnssec-ring" #< else dnssec doesn't compile
- "recursor"
- # "backtrace"
- # "dns-over-h3"
- # "dns-over-https"
- # "dns-over-https-rustls"
- # "dns-over-native-tls"
- # "dns-over-quic"
- # "dns-over-rustls"
- # "dns-over-tls"
- # "dnssec-openssl"
- # "mdns"
- # "native-certs"
- # "serde"
- # "system-config"
- # "tokio-runtime"
- # "webpki-roots"
- ];
+ # XXX(2024/11/09): uncomment if you want to use hickory-dns as a recursive resolver again
+ # services.hickory-dns.package = pkgs.hickory-dns.override {
+ # rustPlatform.buildRustPackage = args: pkgs.rustPlatform.buildRustPackage (args // {
+ # buildFeatures = [
+ # # to find available features: `rg 'feature ='`
+ # "dnssec" #< else the recursor doesn't compile
+ # # "dnssec-openssl" #< else dnssec doesn't compile
+ # "dnssec-ring" #< else dnssec doesn't compile
+ # "recursor"
+ # # "backtrace"
+ # # "dns-over-h3"
+ # # "dns-over-https"
+ # # "dns-over-https-rustls"
+ # # "dns-over-native-tls"
+ # # "dns-over-quic"
+ # # "dns-over-rustls"
+ # # "dns-over-tls"
+ # # "dnssec-openssl"
+ # # "mdns"
+ # # "native-certs"
+ # # "serde"
+ # # "system-config"
+ # # "tokio-runtime"
+ # # "webpki-roots"
+ # ];
- # XXX(2024-11-07): upstream hickory-dns has a recursive resolver *almost* as capable as my own.
- # it fails against a few sites mine works on:
- # - `en.wikipedia.org.` (doesn't follow the CNAME)
- # it fails against sites mine fails on:
- # - `social.kernel.org.`
- # - `support.mozilla.org.`
- # version = "0.25.0-alpha.2";
- # src = pkgs.fetchFromGitHub {
- # owner = "hickory-dns";
- # repo = "hickory-dns";
- # rev = "v0.25.0-alpha.2";
- # hash = "sha256-bEVApMM6/I3nF1lyRhd+7YtZuSAwiozRkMorRLhLOBY=";
- # };
- # cargoHash = "sha256-KFPwVFixLaL9cdXTAIVJUqmtW1V5GTmvFaK5N5SZKyU=";
+ # # XXX(2024-11-07): upstream hickory-dns has a recursive resolver *almost* as capable as my own.
+ # # it fails against a few sites mine works on:
+ # # - `en.wikipedia.org.` (doesn't follow the CNAME)
+ # # it fails against sites mine fails on:
+ # # - `social.kernel.org.`
+ # # - `support.mozilla.org.`
+ # # version = "0.25.0-alpha.2";
+ # # src = pkgs.fetchFromGitHub {
+ # # owner = "hickory-dns";
+ # # repo = "hickory-dns";
+ # # rev = "v0.25.0-alpha.2";
+ # # hash = "sha256-bEVApMM6/I3nF1lyRhd+7YtZuSAwiozRkMorRLhLOBY=";
+ # # };
+ # # cargoHash = "sha256-KFPwVFixLaL9cdXTAIVJUqmtW1V5GTmvFaK5N5SZKyU=";
- # fix enough bugs inside the recursive resolver that it's compatible with my infra.
- # TODO: upstream these patches!
- version = "0.24.1-unstable-2024-08-19";
- src = pkgs.fetchFromGitea {
- domain = "git.uninsane.org";
- owner = "colin";
- repo = "hickory-dns";
- rev = "4fd7a8305e333117278e216fa9f81984f1e256b6"; # Recursor: handle NS responses with a different type and no SOA (fix: api.mangadex.org., m.wikipedia.org.)
- hash = "sha256-pNCuark/jvyRABR9Hdd60vndppaE3suvTP3UfCfsimI=";
- };
- cargoHash = "sha256-6yV/qa1CVndHDs/7AK5wVTYIV8NmNqkHL3JPZUN31eM=";
- });
- };
+ # # fix enough bugs inside the recursive resolver that it's compatible with my infra.
+ # # TODO: upstream these patches!
+ # version = "0.24.1-unstable-2024-08-19";
+ # src = pkgs.fetchFromGitea {
+ # domain = "git.uninsane.org";
+ # owner = "colin";
+ # repo = "hickory-dns";
+ # rev = "4fd7a8305e333117278e216fa9f81984f1e256b6"; # Recursor: handle NS responses with a different type and no SOA (fix: api.mangadex.org., m.wikipedia.org.)
+ # hash = "sha256-pNCuark/jvyRABR9Hdd60vndppaE3suvTP3UfCfsimI=";
+ # };
+ # cargoHash = "sha256-6yV/qa1CVndHDs/7AK5wVTYIV8NmNqkHL3JPZUN31eM=";
+ # });
+ # };
 services.hickory-dns.settings.directory = "/var/lib/hickory-dns";
 users.groups.hickory-dns = {};
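Review bot: The `recursive` option from the first hunk can still be switched on, while the `services.hickory-dns.package` override that gave the daemon its `dnssec`, `dnssec-ring` and `recursor` build features is now entirely commented out, and nothing in this hunk ties the two together. The module therefore falls back to nixpkgs' default `pkgs.hickory-dns`, which — judging only from the removed `buildFeatures` list — is presumably built without those features, so a host that still sets `recursive = true` may end up with a binary that cannot recurse at all; consider an `assertions` entry that rejects `recursive = true` while the override is disabled, or at least a line beside the `XXX(2024/11/09)` note such as `# NOTE: the default package lacks the recursor feature; keep services.hickory-dns.recursive = false unless this override is restored`. Keeping roughly fifty lines of commented-out code, including pinned `rev`, `hash` and `cargoHash` values that will silently go stale, is also a style concern: git history already preserves the override, so the XXX note could name the commit to revert to instead. Minor: the new note writes the date as `2024/11/09` whereas the existing one uses `2024-11-07`. The enclosing attribute set continues past the end of the hunk.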