diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 7259be4c904..01b5e9d7746 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -227,6 +227,12 @@ $ nix-instantiate -E '(import &lt;nixpkgsunstable&gt; {}).gitFull'
      </para>
     </note>
    </listitem>
+   <listitem>
+    <para>
+     <literal>networking.networkmanager.useDnsmasq</literal> has been deprecated. Use
+     <literal>networking.networkmanager.dns</literal> instead.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index a1ead80cc21..56b7bf00448 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -17,6 +17,7 @@ with lib;
     (mkRenamedOptionModule [ "networking" "enableIntel2100BGFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
     (mkRenamedOptionModule [ "networking" "enableRalinkFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
     (mkRenamedOptionModule [ "networking" "enableRTL8192cFirmware" ] [ "hardware" "enableRedistributableFirmware" ])
+    (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
 
     (mkRenamedOptionModule [ "services" "cadvisor" "host" ] [ "services" "cadvisor" "listenAddress" ])
     (mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
index 10e96eb4036..f4c4adcaaeb 100644
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -10,7 +10,8 @@ let
   stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc";
 
   dns =
-    if cfg.useDnsmasq then "dnsmasq"
+    if cfg.dns == "none" then "none"
+    else if cfg.dns == "dnsmasq" then "dnsmasq"
     else if config.services.resolved.enable then "systemd-resolved"
     else if config.services.unbound.enable then "unbound"
     else "default";
@@ -205,14 +206,20 @@ in {
         };
       };
 
-      useDnsmasq = mkOption {
-        type = types.bool;
-        default = false;
+      dns = mkOption {
+        type = types.enum [ "auto" "dnsmasq" "none" ];
+        default = "auto";
         description = ''
-          Enable NetworkManager's dnsmasq integration. NetworkManager will run
-          dnsmasq as a local caching nameserver, using a "split DNS"
-          configuration if you are connected to a VPN, and then update
-          resolv.conf to point to the local nameserver.
+          Options:
+            - auto: Check for systemd-resolved, unbound, or use default.
+            - dnsmasq:
+              Enable NetworkManager's dnsmasq integration. NetworkManager will run
+              dnsmasq as a local caching nameserver, using a "split DNS"
+              configuration if you are connected to a VPN, and then update
+              resolv.conf to point to the local nameserver.
+            - none:
+              Disable NetworkManager's DNS integration completely.
+              It will not touch your /etc/resolv.conf.
         '';
       };
 
