diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index 7658018..b470ec8 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -1,119 +1,121 @@ { config, ... }: { services.unbound = { enable = true; - server = { - interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ]; - tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"; + settings = { + server = { + interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ]; + tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"; + }; + local-data = [ + "localhost A 127.0.0.1" + "localhost.cloonar.com A 127.0.0.1" + "localhost AAAA ::1" + "localhost.cloonar.com AAAA ::1" + "fw.cloonar.com A 10.42.97.1" + "fw A 10.42.97.1" + + "switch.cloonar.com IN A 10.42.97.10" + "drone.cloonar.com IN A 10.42.97.118" + "hv-02.cloonar.com IN A 10.42.97.3" + "home-assistant.cloonar.com IN A 10.42.97.20" + "deconz.cloonar.com IN A 10.42.97.20" + "mopidy.cloonar.com IN A 10.42.97.20" + "snapcast.cloonar.com IN A 10.42.97.20" + "cl-storage-01.cloonar.com IN A 10.42.97.9" + "git.cloonar.com IN A 10.42.97.118" + + "stage.wsw.at IN A 10.254.235.22" + "prod.wsw.at IN A 10.254.217.23" + "piwik.wohnservice-wien.at IN A 10.254.240.109" + "wohnservice-wien.at IN A 10.254.240.109" + "mieterhilfe.at IN A 10.254.240.109" + "wohnpartner-wien.at IN A 10.254.240.109" + "wohnberatung-wien.at IN A 10.254.240.109" + "wienbautvor.at IN A 10.254.240.109" + "a.wohnservice-wien.at IN A 10.254.240.109" + "a.wohnpartner-wien.at IN A 10.254.240.109" + "a.stage.wohnservice-wien.at IN A 10.254.240.110" + "a.stage.mieterhilfe.at IN A 10.254.240.110" + "a.stage.wohnpartner-wien.at IN A 10.254.240.110" + "a.stage.wohnberatung-wien.at IN A 10.254.240.110" + "a.stage.wienbautvor.at IN A 10.254.240.110" + "a.stage.wienwohntbesser.at IN A 10.254.240.110" + "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110" + "upgrade-staging.mieterhilfe.at IN A 10.254.240.110" + "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110" + "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110" + "upgrade-staging.wienbautvor.at IN A 10.254.240.110" + 
"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110" + + "testing.ebs.amz.at IN A 80.120.142.235" + "api.testing-ebs.amz.at IN A 80.120.142.235" + + "metz.cloonar.com IN A 10.42.96.167" + "firetv-living.cloonar.com IN A 10.42.96.175" + "ps5-living.cloonar.com IN A 10.42.96.176" + + "ddl-warez.to IN A 172.67.184.30" + ]; + local-data-ptr = [ + "127.0.0.1 localhost" + "::1 localhost" + "10.42.97.10 switch.cloonar.com" + "10.42.97.1 fw.cloonar.com" + "10.42.97.118 drone.cloonar.com" + "10.42.97.3 hv-02.cloonar.com" + "10.42.97.20 home-assistant.cloonar.com" + "10.42.97.9 cl-storage-01.cloonar.com" + "10.42.97.118 git.cloonar.com" + + "10.254.235.22 stage.wsw.at" + "10.254.217.23 prod.wsw.at" + "10.254.240.109 wohnservice-wien.at" + "10.254.240.110 a.stage.wohnservice-wien.at" + + "80.120.142.235 testing.ebs.amz.at" + + "172.67.184.30 ddl-warez.to" + ]; + forward-zone = [ + { + name = "."; + forward-addr = [ + "9.9.9.9#dns11.quad9.net" + "149.112.112.112#dns11.quad9.net" + ]; + } + { + name = "ghetto.at.local."; + forward-addr = [ + "10.43.97.1" + ]; + } + { + name = "epicenter.works."; + forward-addr = [ + "10.50.60.1" + ]; + } + { + name = "akvorrat.at."; + forward-addr = [ + "10.50.60.1" + ]; + } + { + name = "epicenter.intra."; + forward-addr = [ + "10.14.1.1" + ]; + } + { + name = "intra.epicenter.works."; + forward-addr = [ + "10.14.1.1" + ]; + } + ]; }; - local-data = [ - "localhost A 127.0.0.1" - "localhost.cloonar.com A 127.0.0.1" - "localhost AAAA ::1" - "localhost.cloonar.com AAAA ::1" - "fw.cloonar.com A 10.42.97.1" - "fw A 10.42.97.1" - - "switch.cloonar.com IN A 10.42.97.10" - "drone.cloonar.com IN A 10.42.97.118" - "hv-02.cloonar.com IN A 10.42.97.3" - "home-assistant.cloonar.com IN A 10.42.97.20" - "deconz.cloonar.com IN A 10.42.97.20" - "mopidy.cloonar.com IN A 10.42.97.20" - "snapcast.cloonar.com IN A 10.42.97.20" - "cl-storage-01.cloonar.com IN A 10.42.97.9" - "git.cloonar.com IN A 10.42.97.118" - - "stage.wsw.at IN A 10.254.235.22" - 
"prod.wsw.at IN A 10.254.217.23" - "piwik.wohnservice-wien.at IN A 10.254.240.109" - "wohnservice-wien.at IN A 10.254.240.109" - "mieterhilfe.at IN A 10.254.240.109" - "wohnpartner-wien.at IN A 10.254.240.109" - "wohnberatung-wien.at IN A 10.254.240.109" - "wienbautvor.at IN A 10.254.240.109" - "a.wohnservice-wien.at IN A 10.254.240.109" - "a.wohnpartner-wien.at IN A 10.254.240.109" - "a.stage.wohnservice-wien.at IN A 10.254.240.110" - "a.stage.mieterhilfe.at IN A 10.254.240.110" - "a.stage.wohnpartner-wien.at IN A 10.254.240.110" - "a.stage.wohnberatung-wien.at IN A 10.254.240.110" - "a.stage.wienbautvor.at IN A 10.254.240.110" - "a.stage.wienwohntbesser.at IN A 10.254.240.110" - "upgrade-staging.wohnservice-wien.at IN A 10.254.240.110" - "upgrade-staging.mieterhilfe.at IN A 10.254.240.110" - "upgrade-staging.wohnpartner-wien.at IN A 10.254.240.110" - "upgrade-staging.wohnberatung-wien.at IN A 10.254.240.110" - "upgrade-staging.wienbautvor.at IN A 10.254.240.110" - "upgrade-staging.wienwohntbesser.at IN A 10.254.240.110" - - "testing.ebs.amz.at IN A 80.120.142.235" - "api.testing-ebs.amz.at IN A 80.120.142.235" - - "metz.cloonar.com IN A 10.42.96.167" - "firetv-living.cloonar.com IN A 10.42.96.175" - "ps5-living.cloonar.com IN A 10.42.96.176" - - "ddl-warez.to IN A 172.67.184.30" - ]; - local-data-ptr = [ - "127.0.0.1 localhost" - "::1 localhost" - "10.42.97.10 switch.cloonar.com" - "10.42.97.1 fw.cloonar.com" - "10.42.97.118 drone.cloonar.com" - "10.42.97.3 hv-02.cloonar.com" - "10.42.97.20 home-assistant.cloonar.com" - "10.42.97.9 cl-storage-01.cloonar.com" - "10.42.97.118 git.cloonar.com" - - "10.254.235.22 stage.wsw.at" - "10.254.217.23 prod.wsw.at" - "10.254.240.109 wohnservice-wien.at" - "10.254.240.110 a.stage.wohnservice-wien.at" - - "80.120.142.235 testing.ebs.amz.at" - - "172.67.184.30 ddl-warez.to" - ]; - forward-zone = [ - { - name = "."; - forward-addr = [ - "9.9.9.9#dns11.quad9.net" - "149.112.112.112#dns11.quad9.net" - ]; - } - { - name = 
"ghetto.at.local."; - forward-addr = [ - "10.43.97.1" - ]; - } - { - name = "epicenter.works."; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "akvorrat.at."; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "epicenter.intra."; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "intra.epicenter.works."; - forward-addr = [ - "10.14.1.1" - ]; - } - ]; }; security.acme.certs.fw = {
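Review bot: The `#dns11.quad9.net` suffix on the two `forward-addr` entries of the `"."` zone is only used when the zone forwards over TLS, and nothing in this hunk enables that, so queries to Quad9 most likely leave the firewall in plaintext on port 53 with the name never checked. If DNS-over-TLS is intended, the zone needs `forward-tls-upstream = true;` and addresses of the form `"9.9.9.9@853#dns11.quad9.net"`. `tls-cert-bundle` is the CA store Unbound uses to authenticate upstream peers, so pointing it at the host's own ACME `fullchain.pem` would make that verification fail; a system CA bundle such as `/etc/ssl/certs/ca-certificates.crt` is the usual value. Separately, `local-data` and `local-data-ptr` are `server:` clause options but are placed here as siblings of `server` under `settings`, which as far as I can tell renders them outside the `server:` clause (and without the quoting unbound.conf needs for values containing spaces); moving both lists into `settings.server` and checking the generated file with `unbound-checkconf` would confirm.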