diff --git a/SPECS/systemd/networkd-default-use-domains.patch b/SPECS/systemd/networkd-default-use-domains.patch
new file mode 100644
index 00000000000..183d9b48139
--- /dev/null
+++ b/SPECS/systemd/networkd-default-use-domains.patch
@@ -0,0 +1,184 @@
+diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
+index 85b21ee..50af6e1 100644
+--- a/man/networkd.conf.xml
++++ b/man/networkd.conf.xml
+@@ -182,6 +182,15 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+         </example>
+         </listitem>
+       </varlistentry>
++
++      <varlistentry>
++        <term><varname>UseDomains=</varname></term>
++          <listitem><para>Specifies the default value for per-network <varname>UseDomains=</varname>.
++          Takes a boolean. See for details in
++          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
++          Defaults to <literal>no</literal>.</para>
++        </listitem>
++      </varlistentry>
+     </variablelist>
+   </refsect1>
+ 
+@@ -202,6 +211,7 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+       <varlistentry>
+         <term><varname>DUIDType=</varname></term>
+         <term><varname>DUIDRawData=</varname></term>
++        <term><varname>UseDomains=</varname></term>
+         <listitem><para>As in the [DHCPv4] section.</para></listitem>
+       </varlistentry>
+     </variablelist>
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index a98157d..aba93cb 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -1954,7 +1954,9 @@ Table=1234</programlisting></para>
+           to the effect of the <option>Domains=</option> setting. If set to <option>route</option>, the
+           domain name received from the DHCP server will be used for routing DNS queries only, but not
+           for searching, similar to the effect of the <option>Domains=</option> setting when the
+-          argument is prefixed with <literal>~</literal>. Defaults to false.</para>
++          argument is prefixed with <literal>~</literal>.When unspecified, the value specified in the same
++          setting in<citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
++          which defaults to <literal>no</literal>, will be used.</para>
+ 
+           <para>It is recommended to enable this option only on trusted networks, as setting this
+           affects resolution of all hostnames, in particular of single-label names. It is generally
+diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
+index 7996960..3c79e8d 100644
+--- a/src/network/networkd-dhcp-common.c
++++ b/src/network/networkd-dhcp-common.c
+@@ -455,6 +455,8 @@ int config_parse_dhcp_use_domains(
+         return 0;
+ }
+ 
++DEFINE_CONFIG_PARSE_ENUM(config_parse_default_dhcp_use_domains, dhcp_use_domains, DHCPUseDomains, "Failed to parse UseDomains=")
++
+ int config_parse_dhcp_use_ntp(
+                 const char* unit,
+                 const char *filename,
+diff --git a/src/network/networkd-dhcp-common.h b/src/network/networkd-dhcp-common.h
+index c19bc10..5a1d446 100644
+--- a/src/network/networkd-dhcp-common.h
++++ b/src/network/networkd-dhcp-common.h
+@@ -92,6 +92,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_or_ra_route_metric);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_dns);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_domains);
++CONFIG_PARSER_PROTOTYPE(config_parse_default_dhcp_use_domains);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_ntp);
+ CONFIG_PARSER_PROTOTYPE(config_parse_iaid);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_or_ra_route_table);
+diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
+index 8ed90f0..2bdeec0 100644
+--- a/src/network/networkd-gperf.gperf
++++ b/src/network/networkd-gperf.gperf
+@@ -26,8 +26,10 @@ Network.SpeedMeterIntervalSec,           config_parse_sec,
+ Network.ManageForeignRoutingPolicyRules, config_parse_bool,                      0,          offsetof(Manager, manage_foreign_rules)
+ Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
+ Network.RouteTable,                      config_parse_route_table_names,         0,          0
++DHCPv4.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp_use_domains)
+ DHCPv4.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp_duid)
+ DHCPv4.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp_duid)
++DHCPv6.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp6_use_domains)
+ DHCPv6.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp6_duid)
+ DHCPv6.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp6_duid)
+ /* Deprecated */
+diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
+index 3631358..cd0012c 100644
+--- a/src/network/networkd-manager.h
++++ b/src/network/networkd-manager.h
+@@ -54,6 +54,9 @@ struct Manager {
+         OrderedSet *address_pools;
+         Set *dhcp_pd_subnet_ids;
+ 
++        DHCPUseDomains dhcp_use_domains;
++        DHCPUseDomains dhcp6_use_domains;
++
+         usec_t network_dirs_ts_usec;
+ 
+         DUID dhcp_duid;
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 873ad2e..ddec0e1 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -393,6 +393,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp_use_sip = true,
+                 .dhcp_use_dns = true,
+                 .dhcp_routes_to_dns = true,
++                .dhcp_use_domains = manager->dhcp_use_domains,
+                 .dhcp_use_hostname = true,
+                 .dhcp_use_routes = true,
+                 .dhcp_use_gateway = -1,
+@@ -407,6 +408,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp6_use_address = true,
+                 .dhcp6_use_pd_prefix = true,
+                 .dhcp6_use_dns = true,
++                .dhcp6_use_domains = manager->dhcp6_use_domains,
+                 .dhcp6_use_hostname = true,
+                 .dhcp6_use_ntp = true,
+                 .dhcp6_duid.type = _DUID_TYPE_INVALID,
+diff --git a/src/network/networkd.conf b/src/network/networkd.conf
+index 38dc9f1..03c319a 100644
+--- a/src/network/networkd.conf
++++ b/src/network/networkd.conf
+@@ -22,7 +22,9 @@
+ [DHCPv4]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+ 
+ [DHCPv6]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
+index cc450ae..2c076b9 100755
+--- a/test/test-network/systemd-networkd-tests.py
++++ b/test/test-network/systemd-networkd-tests.py
+@@ -4977,6 +4977,48 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
+         output = check_output(*resolvectl_cmd, 'domain', 'veth99', env=env)
+         print(output)
+         self.assertRegex(output, 'example.com')
++    
++    def test_dhcp_client_default_use_domains(self):        
++        def check(self, ipv4, ipv6):
++            os.makedirs(networkd_conf_dropin_path, exist_ok=True)
++            with open(os.path.join(networkd_conf_dropin_path, 'default_use_domains.conf'), mode='w', encoding='utf-8') as f:
++                f.write('[DHCPv4]\nUseDomains=')
++                f.write('yes\n' if ipv4 else 'no\n')
++                f.write('[DHCPv6]\nUseDomains=')
++                f.write('yes\n' if ipv6 else 'no\n')
++            
++            restart_networkd()
++            self.wait_online(['veth-peer:carrier'])
++            start_dnsmasq('--dhcp-option=option:dns-server,192.168.5.1 --dhcp-option=option6:dns-server,[2600::1] --dhcp-option=option:domain-search,example.com --dhcp-option=option6:domain-search,example.com')
++
++            self.wait_online(['veth99:routable', 'veth-peer:routable'])
++
++            # link becomes 'routable' when at least one protocol provide an valid address. Hence, we need to explicitly wait for both addresses.
++            self.wait_address('veth99', r'inet 192.168.5.[0-9]*/24 metric 1024 brd 192.168.5.255 scope global dynamic', ipv='-4')
++            self.wait_address('veth99', r'inet6 2600::[0-9a-f]*/128 scope global (dynamic noprefixroute|noprefixroute dynamic)', ipv='-6')
++
++            for _ in range(20):
++                output = check_output(*resolvectl_cmd, 'domain', 'veth99', env=env)
++                if ipv4 or ipv6:
++                    if 'example.com' in output:
++                        break
++                else:
++                    if 'example.com' not in output:
++                        break
++                time.sleep(0.5)
++            else:
++                print(output)
++                self.fail('unexpected domain setting in resolved...')
++            
++            stop_dnsmasq()
++            remove_networkd_conf_dropin(['default_use_domains.conf'])
++
++        copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client.network')
++        networkd_ci_path
++        check(self, True, True)
++        check(self, True, False)
++        check(self, False, True)
++        check(self, False, False)
+ 
+     def test_dhcp_client_decline(self):
+         copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-decline.network', 'dhcp-client-decline.network')
diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec
index 6f13451adc5..4350d82faff 100644
--- a/SPECS/systemd/systemd.spec
+++ b/SPECS/systemd/systemd.spec
@@ -1,7 +1,7 @@
 Summary:        Systemd-250
 Name:           systemd
 Version:        250.3
-Release:        20%{?dist}
+Release:        21%{?dist}
 License:        LGPLv2+ AND GPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -30,6 +30,7 @@ Patch8:         serve-stale-0002-resolved-Initialize-until_valid-while-storing-n
 # Patch9 and Patch10 should be dropped for mariner 3
 Patch9:         mariner-2-do-not-default-zstd-journal-files-for-backwards-compatibility.patch
 Patch10:        mariner-2-force-use-of-lz4-for-coredump.patch
+Patch11:        networkd-default-use-domains.patch
 BuildRequires:  audit-devel
 BuildRequires:  cryptsetup-devel
 BuildRequires:  docbook-dtd-xml
@@ -288,6 +289,9 @@ fi
 %files lang -f %{name}.lang
 
 %changelog
+* Mon Apr 08 2024 Henry Li <lihl@microsoft.com> - 250.3-21
+- Add patch to allow configurability of "UseDomains=" for networkd
+
 * Thu Mar 14 2024 Dan Streetman <ddstreet@microsoft.com> - 250.3-20
 - force use of lz4 for coredump