diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 1311a32..7c036ab 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -27,6 +27,7 @@
 traceroute
 dnsutils
 ];
+ time.timeZone = "Europe/Zurich";
 users.users.root.openssh.authorizedKeys.keys = [
 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0n1ikUG9rYqobh7WpAyXrqZqxQoQ2zNJrFPj12gTpP nilsh@PC-Nils''
 ];
@@ -34,6 +35,7 @@
 zramSwap.enable = true;
 services.openssh.enable = true;
+
 # By default, Colmena will replace unknown remote profile
 # (unknown means the profile isn't in the nix store on the
 # host running Colmena) during apply (with the default goal,
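Review bot: `time.timeZone = "Europe/Zurich";` puts the system's local time, and any service that writes its own text logs, on a zone with daylight-saving shifts, so one hour of timestamps each autumn is ambiguous and events are harder to correlate with hosts or upstream logs kept in UTC. The surrounding attribute set is outside the hunk, but the line sits next to the root authorized key, so it looks like a shared default for every node. For servers, consider `time.timeZone = "UTC";` and converting at display time instead.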
@@ -62,6 +64,55 @@
 boot.initrd.kernelModules = [ "nvme" ];
 fileSystems."/" = { device = "/dev/sda3"; fsType = "ext4"; };
 };
+ dns2 = { name, nodes, modulesPath, lib, ... }: {
+ imports = [ ./modules/dns (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ # The name and nodes parameters are supported in Colmena,
+ # allowing you to reference configurations in other nodes.
+ networking.hostName = name;
+
+ deployment.targetHost = "dns2.nilstrieb.dev";
+ deployment.tags = [ "dns" "eu" ];
+
+ system.stateVersion = "23.11";
+
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [
+ "8.8.8.8"
+ ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address = "128.140.3.7"; prefixLength = 32; }
+ ];
+ ipv6.addresses = [
+ { address = "2a01:4f8:c2c:d616::1"; prefixLength = 64; }
+ { address = "fe80::9400:3ff:fe91:1647"; prefixLength = 64; }
+ ];
+ ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }];
+ ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:03:91:16:47", NAME="eth0"
+ '';
+ };
 /*host-b = {
 # Like NixOps and Morph, Colmena will attempt to connect to
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index 41f4ed4..f8c125a 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
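Review bot: The `networking` block for dns2 lists a single resolver, `nameservers = [ "8.8.8.8" ];`, so every lookup the host itself makes depends on one third-party address, and a failure there would presumably also break rebuilds that need to fetch from the network. Adding a second entry, for example `nameservers = [ "8.8.8.8" "8.8.4.4" ];`, or resolvers you operate yourself, removes that single point of failure. The comment above the block ("This file was populated at runtime …") describes a generated file rather than hive.nix; something like `# Static addressing for dns2, captured from the running system.` would be accurate here.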
@@ -10,6 +10,10 @@ let
 });
 data = with dns.lib.combinators;
+ let
+ dns1 = host "154.38.163.74" null;
+ dns2 = host "128.140.3.7" "2a01:4f8:c2c:d616::";
+ in
 {
 SOA = {
 nameServer = "154.38.163.74"; #"ns1.noratrieb.dev";
@@ -19,7 +23,7 @@ let
 NS = [
 "154.38.163.74" #"ns1.noratrieb.dev"
- #"ns2.noratrieb.dev"
+ "128.140.3.7" #"ns2.noratrieb.dev"
 ];
 A = [ (a "161.97.165.1") ];
@@ -31,10 +35,12 @@ let
 "she/her"
 ];
- ns1 = host "154.38.163.74" null;
+ ns1 = dns1;
+ ns2 = dns2;
 infra.subdomains = {
- dns1 = host "154.38.163.74" null;
+ inherit dns1;
+ inherit dns2;
 };
 };
 };
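Review bot: The IPv6 address passed for dns2, `"2a01:4f8:c2c:d616::"`, is not the address this same commit assigns to eth0 in hive.nix, which is `2a01:4f8:c2c:d616::1`. If the second argument of `host` becomes the AAAA record, as the `null` for dns1 suggests, ns2 and the dns2 entry under infra will advertise an address the server is not configured to answer on, and resolvers that try IPv6 first will time out before falling back. The binding probably should read `dns2 = host "128.140.3.7" "2a01:4f8:c2c:d616::1";`. The `data` expression these bindings belong to continues past the hunk.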
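Review bot: The added NS entry `"128.140.3.7"` is an IP literal, but the target of an NS record is a host name, so it will presumably be emitted as a name that does not exist and the second server will not be usable for the zone. The first NS entry and the SOA `nameServer` in the first hunk follow the same pattern. Since the third hunk now defines `ns1` and `ns2` host records, the list can name them, `"ns1.noratrieb.dev."` and `"ns2.noratrieb.dev."` (check whether the zone library expects the trailing dot). The attribute set that encloses the NS list starts outside the hunk.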