diff --git a/hosts b/hosts
index 56e8d98..082ce74 100644
--- a/hosts
+++ b/hosts
@@ -2,6 +2,7 @@
 gw11.regensburg.freifunk.net
 gw21.regensburg.freifunk.net
 gw31.regensburg.freifunk.net
+ns1.regensburg.freifunk.net
 web.regensburg.freifunk.net
 stats.ffrgb ansible_host=10.90.224.100
 unms.ffrgb ansible_host=10.90.224.101
diff --git a/roles/dns_auth/handlers/main.yml b/roles/dns_auth/handlers/main.yml
new file mode 100644
index 0000000..ae00ee9
--- /dev/null
+++ b/roles/dns_auth/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart powerdns
+ service: name=pdns state=restarted
diff --git a/roles/dns_auth/tasks/main.yml b/roles/dns_auth/tasks/main.yml
new file mode 100644
index 0000000..580ada5
--- /dev/null
+++ b/roles/dns_auth/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Enable powerdns apt-key
+ apt_key: url='https://repo.powerdns.com/FD380FBB-pub.asc'
+
+- name: Enable powerdns repository
+ apt_repository: repo='deb http://repo.powerdns.com/debian buster-auth-43 main'
+
+- name: Install powerdns
+ apt:
+ name:
+ - pdns-server
+ - pdns-backend-sqlite3
+ - sqlite3
+
+- name: Configure powerdns
+ template: src=pdns.conf.j2 dest=/etc/powerdns/pdns.conf
+ notify: Restart powerdns
+
+- name: Initialize database
+ command:
+ cmd: >
+ sqlite3 -init /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
+ /var/lib/powerdns/powerdns.sqlite3
+ creates: /var/lib/powerdns/powerdns.sqlite3
+
+- name: Start the powerdns services
+ service: name=pdns state=started enabled=yes
diff --git a/roles/dns_auth/templates/pdns.conf.j2 b/roles/dns_auth/templates/pdns.conf.j2
new file mode 100644
index 0000000..2a5956b
--- /dev/null
+++ b/roles/dns_auth/templates/pdns.conf.j2
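Review bot: In roles/dns_auth/tasks/main.yml the `apt_key` task trusts whatever key the URL returns and adds it to the system-wide APT keyring, and the `apt_repository` line then fetches packages over plain `http://` although the same host already serves the key over HTTPS. Because the key is not pinned to a checksum or fingerprint and is trusted for every configured source, a replaced key file or a compromise of this one vendor key would affect all package installs on the name server, not only the `pdns-*` packages. I would store the key in its own file with a pinned checksum, bind it to this repository with `signed-by`, and switch the repository URL to `https://`, as sketched below (the keyring path and the checksum are placeholders). Separately, the `template` and `command` tasks set no owner or mode, so `/etc/powerdns/pdns.conf` and the SQLite file get the connecting user's defaults; if the pdns service runs unprivileged, the database presumably needs explicit ownership.

```yaml
- name: Install powerdns signing key
  get_url:
    url: 'https://repo.powerdns.com/FD380FBB-pub.asc'
    dest: /usr/share/keyrings/powerdns-auth.asc  # example path
    mode: '0644'
    checksum: 'sha256:<SHA256_OF_VERIFIED_KEY_FILE>'  # placeholder

- name: Enable powerdns repository
  apt_repository:
    repo: >-
      deb [signed-by=/usr/share/keyrings/powerdns-auth.asc]
      https://repo.powerdns.com/debian buster-auth-43 main

# … unchanged: Install powerdns, Configure powerdns, Initialize database, Start the powerdns services …
```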
@@ -0,0 +1,31 @@
+#################################
+# allow-axfr-ips Allow zonetransfers only to these subnets
+#
+# allow-axfr-ips=127.0.0.0/8,::1
+allow-axfr-ips=127.0.0.1,::1
+
+#################################
+# dname-processing If we should support DNAME records
+#
+# dname-processing=no
+dname-processing=yes
+
+#################################
+# launch Which backends to launch and order to query them in
+#
+# launch=
+launch=gsqlite3
+
+gsqlite3-database=/var/lib/powerdns/powerdns.sqlite3
+
+#################################
+# master Act as a master
+#
+# master=no
+master=yes
+
+#################################
+# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+only-notify=
diff --git a/site.yml b/site.yml
index 1e15270..26b1510 100644
--- a/site.yml
+++ b/site.yml
@@ -26,6 +26,11 @@
 - yanic
 - web_gw
 
+- name: Setup name servers
+ hosts: ns1.regensburg.freifunk.net
+ roles:
+ - dns_auth
+
 - name: Setup web service proxy
 hosts: web.regensburg.freifunk.net
 roles:
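Review bot: In roles/dns_auth/templates/pdns.conf.j2, `master=yes` is combined with an empty `only-notify=` and `allow-axfr-ips=127.0.0.1,::1`, and nothing in the file records that this is deliberate. As written, the server sends no NOTIFY to the hosts in a zone's NS records and refuses zone transfers from anything but loopback, which is a sound default-deny stance but will surprise whoever adds a secondary later. A short comment above `only-notify=` would capture the intent, for example `# Empty on purpose: no NOTIFY goes out until a secondary is listed here (or in also-notify) and in allow-axfr-ips`. The template also replaces the packaged pdns.conf wholesale, so it is worth confirming that no privilege-dropping or include settings from the packaged default are lost.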