diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index c4bf025..2c00beb 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -130,6 +130,57 @@ let
 }
 ];
 };
+unbound-sync = {
+ enable = true;
+ path = with pkgs; [ unbound inotify-tools ];
+ script = ''
+ function readFile() {
+ if [[ "''\$2" == "A" ]] ; then
+ cat "''\$1" | tail -n +2 | while IFS=, read -r address hwaddr client_id valid_lifetime expire subnet_id fqdn_fwd fqdn_rev hostname state user_context
+ do
+ echo "''\${address},''\${hostname}"
+ done
+ else
+ cat "''\$1" | tail -n +2 | while IFS=, read -r address duid valid_lifetime expire subnet_id pref_lifetime lease_type iaid prefix_len fqdn_fwd fqdn_rev hostname hwaddr state user_context hwtype hwaddr_source
+ do
+ echo "''\${address},''\${hostname}"
+ done
+ fi
+ }
+
+ function readFileUnique() {
+ readFile "''\$1" ''\$2 | uniq | while IFS=, read -r address hostname
+ do
+ if [[ "''\${hostname}" == *.cloonar.com ]] ; then
+ echo ''\${hostname} ''\$2 ''\${address}
+ unbound-control local_data ''\${hostname} ''\$2 ''\${address}
+ if [[ "''\$2" == "A" ]] ; then
+ echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3
+ do
+ unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname}
+ unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname}
+ done
+ fi
+ fi
+ done
+ }
+
+ function syncFile() {
+ readFileUnique "''\$1" "''\$2"
+ while inotifywait -e close_write,create "''\$1" ; do
+ readFileUnique "''\$1" "''\$2"
+ done
+ }
+
+ syncFile "/var/lib/kea/dhcp4.leases" A &
+ # syncFile "/var/lib/kea/dhcp6.leases" AAAA &
+ wait
+ '';
+ wants = [ "network-online.target" "unbound.service" ];
+ after = [ "network-online.target" "unbound.service" ];
+ partOf = [ "unbound.service" ];
+ wantedBy = [ "multi-user.target" ];
+};
 in {
 users.users.unbound = {
 group = "unbound";
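Review bot: In readFileUnique the hostname and address read from the lease file are passed to `unbound-control local_data` unquoted, and the only gate is the `*.cloonar.com` glob, so any DHCP client can publish whatever name it likes under that zone (including one another host already uses) and a hostname containing whitespace becomes extra arguments to unbound-control. The `state` column is read but never checked, so declined and expired leases are published too, and because only `local_data` is ever issued, a host that changes address keeps its old A and PTR records indefinitely. I'd tighten the condition to `if [[ "''\${state}" == "0" && "''\${hostname}" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.cloonar\.com$ ]] ; then` (state 0 being Kea's active lease, worth confirming against the Kea version in use), quote every expansion in the unbound-control calls, and run `unbound-control local_data_remove "''\${hostname}"` before re-adding so stale records are dropped. The `ip4.arpa.` PTR name next to `in-addr.arpa.` looks like a leftover, since reverse lookups only consult in-addr.arpa.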
@@ -153,6 +204,10 @@ in {
 hostPath = "${config.security.acme.certs.${domain}.directory}";
 isReadOnly = true;
 };
+ "/var/lib/kea/dhcp4.leases" = {
+ hostPath = "/var/lib/kea/dhcp4.leases";
+ isReadOnly = true;
+ };
 };
 config = { lib, config, pkgs, ... }: {
 networking = {
@@ -185,6 +240,7 @@ in {
 enable = true;
 settings = cfg;
 };
+ systemd.services.unbound-sync = unbound-sync;
 system.stateVersion = "23.05";
 };
 };
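Review bot: The bind mount of `"/var/lib/kea/dhcp4.leases"` pins a single file rather than a path, so if Kea's lease-file cleanup replaces dhcp4.leases with a freshly written file instead of truncating it in place, the container keeps reading the old inode and the `inotifywait` loop in the first hunk stops firing for the same reason; this is inferred from how file bind mounts behave and should be checked against the Kea memfile configuration in use. If that is the case, binding the directory, `"/var/lib/kea" = { hostPath = "/var/lib/kea"; isReadOnly = true; };`, and watching the directory rather than the file would be the safer shape. isReadOnly is correctly set, since the sync service only needs to read the leases.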