diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix
index b620f43..d1804fe 100644
--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@@ -22,6 +22,36 @@
     privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path;
   };
 
+  services.bind = {
+    # enable = true;
+    cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+    forwarders = [ ];
+    listenOn = [ config.birdsong.hosts.yevaud.ipv4 ];
+    listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ];
+    zones = {
+      "birdsong.internal" = {
+        master = true;
+        # TODO: pick better email address for SOA record
+        file = pkgs.writeText "birdsong.internal.zone" ''
+          $TTL 60
+          $ORIGIN birdsong.internal.
+
+          birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 )
+          birdsong.internal. IN NS ns.birdsong.internal.
+
+          yevaud.c.birdsong.internal. IN A 10.127.1.1
+          yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+
+          ns.birdsong.internal. IN A 10.127.1.1
+          ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1
+        '';
+      };
+    };
+  };
+  networking.resolvconf.useLocalResolver = false;
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
   qenya.services.forgejo = {
     enable = true;
     domain = "git.qenya.tel";