diff --git a/setup/start.sh b/setup/start.sh
index 15f1591fd..ef53ca67d 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -72,13 +72,14 @@ systemctl restart apparmor
 usermod yellowtent -a -G docker
 temp_file=$(mktemp)
 # some apps do not work with aufs
-sed -e 's,^ExecStart=.*$,ExecStart=/usr/bin/docker daemon -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=devicemapper,' /lib/systemd/system/docker.service > "${temp_file}"
+sed -e 's,^ExecStart=.*$,ExecStart=/usr/bin/docker daemon -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=devicemapper --dns=172.18.0.1 --dns-search=.,' /lib/systemd/system/docker.service > "${temp_file}"
 systemctl enable docker
 if ! diff -q /lib/systemd/system/docker.service "${temp_file}" >/dev/null; then
 mv "${temp_file}" /lib/systemd/system/docker.service
 systemctl daemon-reload
 systemctl restart docker
 fi
+docker network create --subnet=172.18.0.0/16 cloudron || true
 # caas has ssh on port 202 and we disable password login
 if [[ "${arg_provider}" == "caas" ]]; then
@@ -160,7 +161,9 @@ systemctl enable --now cron
 # DO uses Google nameservers by default. This causes RBL queries to fail (host 2.0.0.127.zen.spamhaus.org)
 # We do not use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)
-systemctl enable --now unbound
+echo -e "server:\n\tinterface: 172.18.0.1\n\tinterface: 127.0.0.1\n\taccess-control: 127.0.0.1 allow\n\taccess-control: 172.18.0.1/16 allow" > /etc/unbound/unbound.conf.d/cloudron-network.conf
+systemctl enable unbound
+systemctl restart unbound
 echo "==> Configuring sudoers"
 rm -f /etc/sudoers.d/yellowtent
diff --git a/src/platform.js b/src/platform.js
index 6e1edf7a1..4f9722905 100644
--- a/src/platform.js
+++ b/src/platform.js
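Review bot: The `|| true` on the added `docker network create --subnet=172.18.0.0/16 cloudron` line hides every failure, not only the expected "network already exists" case, so a daemon that is still coming back from the restart just above, or an overlapping subnet, leaves the host without the `cloudron` bridge while the script carries on. The `--dns=172.18.0.1` flag added to `ExecStart` in the same hunk appears to rely on that bridge owning 172.18.0.1 (Docker's default gateway choice for the subnet), so containers would then be pointed at a resolver that is not there. Test for the network first and let a real failure surface: `docker network inspect cloudron >/dev/null 2>&1 || docker network create --subnet=172.18.0.0/16 cloudron`. A short comment such as `# 172.18.0.1 is the gateway of the cloudron network; unbound listens there` would tie the two added lines together.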
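Review bot: The generated `cloudron-network.conf` makes unbound listen on `172.18.0.1`, an address that exists only once the `cloudron` Docker network is up, so `systemctl restart unbound` here (and unbound at boot, if it starts before Docker) can presumably fail to bind and leave the host itself without a resolver. The access-control netblock is written with host bits set, `172.18.0.1/16`; use the network address so it visibly matches the subnet created earlier: `access-control: 172.18.0.0/16 allow`. Running `unbound-checkconf` before the restart and checking that the service actually came up would catch a bad file before DNS is affected. Writing the file with a heredoc rather than `echo -e` and `\n\t` escapes would also make the resulting config reviewable in the script.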
@@ -55,7 +55,6 @@ function initialize(callback) {
 async.series([
 stopContainers.bind(null, existingInfra),
- createDockerNetwork,
 startAddons.bind(null, existingInfra),
 removeOldImages,
 startApps.bind(null, existingInfra),
@@ -117,10 +116,6 @@ function stopContainers(existingInfra, callback) {
 callback();
 }
-function createDockerNetwork(callback) {
- shell.execSync('createDockerNetwork', 'docker network create --subnet=172.18.0.0/16 cloudron || true', callback);
-}
-
 function startGraphite(callback) {
 const tag = infra.images.graphite.tag;
 const dataDir = paths.DATA_DIR;