diff --git a/salt-pillar/bind/dns.sls b/salt-pillar/bind/dns.sls
new file mode 100644
index 000000000..2f0fd30
--- /dev/null
+++ b/salt-pillar/bind/dns.sls
@@ -0,0 +1,21 @@
+bind:
+ root-domain: zentralwerk.online
+ master-ns: dns.serv.zentralwerk.online
+ public-ns:
+ - ns.c3d2.de
+ - spaceboyz.net
+ serial: 2017011300
+
+ reverse-zones-inet:
+ - 172.20.72
+ - 172.20.73
+ - 172.20.74
+ - 172.20.75
+ - 172.20.76
+ - 172.20.77
+ - 172.20.78
+ - 172.20.79
+
+ reverse-zones-inet6:
+ - '8.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa'
+ - 'c.5.0.2.d.3.c.2.4.0.0.3.2.d.f.ip6.arpa'
diff --git a/salt-pillar/hosts/init.sls b/salt-pillar/hosts/init.sls
index efa382b..53fdb44 100644
--- a/salt-pillar/hosts/init.sls
+++ b/salt-pillar/hosts/init.sls
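Review bot: The zone serial is one hand-maintained pillar value (`serial: 2017011300`) that every generated zone in this change reuses, so any later edit to hosts/init.sls that is applied without also bumping this line is served by the master but never transferred to ns.c3d2.de or spaceboyz.net, because secondaries only refresh when the SOA serial grows. That failure mode is silent, so at minimum the key deserves a comment next to it, e.g. `# bump on EVERY record change — the public secondaries only re-transfer when this increases`. A date-based serial is the convention here, so it is also worth stating that the format is YYYYMMDDnn and that it is shared by all forward and reverse zones.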
@@ -71,38 +71,69 @@ hosts-inet:
 pub:
 pub-gw: 172.20.76.1
+{%- for i in range(2, 256) %}
+ guest{{ i }}: 172.20.76.{{ i }}
+{%- endfor %}
+{%- for i in range(0, 255) %}
+ guest{{ 256 + i }}: 172.20.77.{{ i }}
+{%- endfor %}
 serv:
 serv-gw: 172.20.73.1
+ dns: 172.20.73.2
 priv1:
 priv1-gw: 172.20.74.1
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.74.{{ 1 + i }}
+{%- endfor %}
 priv9:
 priv9-gw: 172.20.74.33
 priv5:
 priv5-gw: 172.20.74.65
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.74.{{ 65 + i }}
+{%- endfor %}
 priv10:
 priv10-gw: 172.20.74.97
 priv3:
 priv3-gw: 172.20.74.129
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.75.{{ 129 + i }}
+{%- endfor %}
 priv11:
 priv11-gw: 172.20.74.161
 priv6:
 priv6-gw: 172.20.74.193
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.74.{{ 193 + i }}
+{%- endfor %}
 priv12:
 priv12-gw: 172.20.74.225
 priv2:
 priv2-gw: 172.20.75.1
+{%- for i in range(1, 31) %}
+ dhcp{{ i }}: 172.20.75.{{ 1 + i }}
+{%- endfor %}
 priv13:
 priv13-gw: 172.20.75.33
 priv7:
 priv7-gw: 172.20.75.65
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.75.{{ 65 + i }}
+{%- endfor %}
 priv14:
 priv14-gw: 172.20.75.97
 priv4:
 priv4-gw: 172.20.75.129
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.75.{{ 129 + i }}
+{%- endfor %}
 priv15:
 priv15-gw: 172.20.75.161
 priv8:
 priv8-gw: 172.20.75.193
+{%- for i in range(1, 14) %}
+ dhcp{{ i }}: 172.20.75.{{ 193 + i }}
+{%- endfor %}
 priv16:
 priv16-gw: 172.20.75.225
@@ -147,6 +178,7 @@ hosts-inet6:
 serv:
 serv-gw: fd23:42:c3d2:582::1
+ dns: fd23:42:c3d2:582:2:0:0:2
 pub:
 pub-gw: fd23:42:c3d2:583::1
 priv1:
diff --git a/salt-pillar/lxc-containers/server1.sls b/salt-pillar/lxc-containers/server1.sls
index ecea333..44632e5 100644
--- a/salt-pillar/lxc-containers/server1.sls
+++ b/salt-pillar/lxc-containers/server1.sls
@@ -135,3 +135,10 @@ containers:
 gw: upstream1
 c3d2:
 type: veth
+
+ dns:
+ interfaces:
+ serv:
+ type: veth
+ gw: serv-gw
+ gw6: serv-gw
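Review bot: The priv3 block emits `dhcp{{ i }}: 172.20.75.{{ 129 + i }}` although priv3-gw is 172.20.74.129, so its thirteen DHCP hosts land in priv4's range (priv4-gw 172.20.75.129, same `129 + i` loop) instead of their own subnet; the line should read `dhcp{{ i }}: 172.20.74.{{ 129 + i }}`. As committed every address 172.20.75.130–142 has two A-record owners, and the reverse4.zone template in this same change would emit two PTR records for each of them while 172.20.74.130–142 get none. Also worth confirming: the pub loops produce guest255 at 172.20.76.255 and guest256 at 172.20.77.0, which are only usable hosts if pub is a /23 — plausible given the two consecutive reverse zones, but the reverse4.zone loop skips octets 0 and 255 regardless. The hosts-inet mapping starts before this hunk.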
diff --git a/salt-pillar/top.sls b/salt-pillar/top.sls
index 79719cd..9dbe883 100644
--- a/salt-pillar/top.sls
+++ b/salt-pillar/top.sls
@@ -29,3 +29,5 @@ base:
 - lxc-containers.server1
 - switches
 - cpe.aps
+ 'dns':
+ - bind.dns
diff --git a/salt/bind/init.sls b/salt/bind/init.sls
new file mode 100644
index 000000000..8e98929
--- /dev/null
+++ b/salt/bind/init.sls
@@ -0,0 +1,61 @@
+bind9:
+ pkg.installed: []
+ service:
+ - running
+ - enable: True
+ - restart: True
+ - watch:
+ - file: /etc/bind/named.conf*
+ - file: /etc/bind/*.zone
+ - pkg: bind9
+
+/etc/bind/named.conf.local:
+ file.managed:
+ - require:
+ - pkg: bind9
+ - source: salt://bind/named.conf
+ - template: 'jinja'
+
+# zentralwerk.online
+/etc/bind/{{ pillar['bind']['root-domain'] }}:
+ file.managed:
+ - source: salt://bind/root-domain.zone
+ - template: 'jinja'
+ - context:
+ domain: {{ pillar['bind']['root-domain'] }}
+
+# *.zentralwerk.online
+{%- for net, subnet4 in pillar['subnets-inet'].items() %}
+{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
+/etc/bind/{{ domain }}.zone:
+ file.managed:
+ - source: salt://bind/net-domain.zone
+ - template: 'jinja'
+ - context:
+ domain: {{ domain }}
+ net: {{ net }}
+
+{%- endfor %}
+
+# IPv4 reverse
+{%- for subnet in pillar['bind']['reverse-zones-inet'] %}
+{%- set domain = '.'.join(subnet.split('.').__reversed__()) ~ '.in-addr.arpa' %}
+/etc/bind/reverse4-{{ subnet }}.zone:
+ file.managed:
+ - source: salt://bind/reverse4.zone
+ - template: 'jinja'
+ - context:
+ domain: {{ domain }}
+ subnet: {{ subnet }}
+
+{%- endfor %}
+
+# IPv6 reverse
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+/etc/bind/reverse6-{{ domain }}.zone:
+ file.managed:
+ - source: salt://bind/reverse6.zone
+ - template: 'jinja'
+ - context:
+ domain: {{ domain }}
+{%- endfor %}
diff --git a/salt/bind/named.conf b/salt/bind/named.conf
new file mode 100644
index 000000000..b48edbb
--- /dev/null
+++ b/salt/bind/named.conf
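Review bot: The root-domain zone is written to `/etc/bind/{{ pillar['bind']['root-domain'] }}` with no `.zone` suffix, so the service's `watch` on `/etc/bind/*.zone` never fires for it and bind9 is not reloaded when the delegation zone changes; naming it `/etc/bind/{{ pillar['bind']['root-domain'] }}.zone` keeps it consistent with the other templates and inside the glob. Only named.conf.local carries `require: - pkg: bind9`; the zone-file states appear to rely on declaration order to run after the package has created /etc/bind, which works but is fragile, so the same requisite on each `file.managed` would make the dependency explicit. Since every zone is rendered from pillar with no validation, a `- check_cmd: named-checkzone {{ domain }}` on the zone states would reject a broken render before `restart: True` takes the resolver down. The `'.'.join(subnet.split('.').__reversed__())` expression is duplicated in named.conf; `subnet.split('.') | reverse | join('.')` is the Jinja-native form and easier to read.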
@@ -0,0 +1,23 @@
+{%- for net, subnet4 in pillar['subnets-inet'].items() %}
+{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
+zone "{{ domain }}" IN {
+ type master;
+ file "/etc/bind/{{ domain }}.zone";
+};
+
+{%- endfor %}
+
+{%- for subnet in pillar['bind']['reverse-zones-inet'] %}
+{%- set domain = '.'.join(subnet.split('.').__reversed__()) ~ '.in-addr.arpa' %}
+zone "{{ domain }}" IN {
+ type master;
+ file "/etc/bind/reverse4-{{ subnet }}.zone";
+};
+{%- endfor %}
+
+{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
+zone "{{ domain }}" IN {
+ type master;
+ file "/etc/bind/reverse6-{{ domain }}.zone";
+};
+{%- endfor %}
diff --git a/salt/bind/net-domain.zone b/salt/bind/net-domain.zone
new file mode 100644
index 000000000..a0d6dca
--- /dev/null
+++ b/salt/bind/net-domain.zone
@@ -0,0 +1,25 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+ {{ pillar['bind']['serial'] }} ; serial
+ 1H ; refresh
+ 1M ; retry
+ 2H ; expire
+ 5M ; minimum
+ )
+{%- for ns in pillar['bind']['public-ns'] %}
+ IN NS {{ ns }}.
+{%- endfor %}
+
+{%- if pillar['hosts-inet'].get(net) %}
+{%- for name, a in pillar['hosts-inet'][net].items() %}
+{{ name }} IN A {{ a }}
+{%- endfor %}
+{%- endif %}
+
+{%- if pillar['hosts-inet6'].get(net) %}
+{%- for name, aaaa in pillar['hosts-inet6'][net].items() %}
+{{ name }} IN AAAA {{ aaaa }}
+{%- endfor %}
+{%- endif %}
diff --git a/salt/bind/reverse4.zone b/salt/bind/reverse4.zone
new file mode 100644
index 000000000..d51b2bd
--- /dev/null
+++ b/salt/bind/reverse4.zone
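Review bot: No `zone` stanza is generated for the root domain itself, even though init.sls in this change renders `/etc/bind/{{ root-domain }}` from root-domain.zone, so the parent zone carrying the per-subnet NS delegations is never loaded and only the child and reverse zones are served; a `zone "{{ pillar['bind']['root-domain'] }}" IN { type master; file "/etc/bind/{{ pillar['bind']['root-domain'] }}"; };` block is missing. Every `type master` zone is also declared without `allow-transfer`, so unless named.conf.options (not part of this change) restricts it globally, the BIND default of `any` on releases of this era lets anyone who can reach the master AXFR the complete internal host map, including every guest and dhcp name with its 172.20.x address. Restrict transfers to the two secondaries, e.g. `allow-transfer { <ns.c3d2.de>; <spaceboyz.net>; };` in a shared options block or per zone, and consider `also-notify` for them so the public servers are pushed on every serial change rather than waiting for the 1H refresh.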
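Review bot: The SOA `2H ; expire` means the public secondaries discard the zone after two hours without reaching the master, which according to hosts/init.sls in this change lives on an internal address (dns → 172.20.73.2), so a short outage or firewall change turns into SERVFAIL for the whole subdomain; expire is conventionally days to weeks (RFC 1912 suggests 2–4 weeks), e.g. `2W ; expire`. The same ten-line SOA/NS header is copied verbatim into reverse4.zone, reverse6.zone and root-domain.zone; one `salt://bind/soa.inc` pulled in with `{% include %}` would keep the timers in a single place. The hostmaster contact `astro.spaceboyz.net.` is hard-coded while the NS names come from pillar — a `bind:hostmaster` pillar key would be consistent with the rest of the template.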
@@ -0,0 +1,26 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+ {{ pillar['bind']['serial'] }} ; serial
+ 1H ; refresh
+ 1M ; retry
+ 2H ; expire
+ 5M ; minimum
+ )
+{%- for ns in pillar['bind']['public-ns'] %}
+ IN NS {{ ns }}.
+{%- endfor %}
+
+{%- for i in range(1, 255) %}
+{%- set addr = subnet ~ '.' ~ i %}
+
+{%- for net, hosts in pillar['hosts-inet'].items() %}
+{%- for host, a in hosts.items() %}
+{%- if a == addr %}
+{{ i }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
+
+{%- endfor %}
diff --git a/salt/bind/reverse6.zone b/salt/bind/reverse6.zone
new file mode 100644
index 000000000..224cfd2
--- /dev/null
+++ b/salt/bind/reverse6.zone
@@ -0,0 +1,22 @@
+$ORIGIN {{ domain }}.
+$TTL 10M
+
+@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+ {{ pillar['bind']['serial'] }} ; serial
+ 1H ; refresh
+ 1M ; retry
+ 2H ; expire
+ 5M ; minimum
+ )
+{%- for ns in pillar['bind']['public-ns'] %}
+ IN NS {{ ns }}.
+{%- endfor %}
+
+{%- for net, hosts in pillar['hosts-inet6'].items() %}
+{%- for host, aaaa in hosts.items() %}
+{%- set reverse = salt['network.reverse_ip'](aaaa) %}
+{%- if reverse.endswith(domain) %}
+{{ reverse.replace('.' ~ domain, '') }} IN PTR {{ host }}.{{ net }}.{{ pillar['bind']['root-domain'] }}.
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
diff --git a/salt/bind/root-domain.zone b/salt/bind/root-domain.zone
new file mode 100644
index 000000000..23ee450
--- /dev/null
+++ b/salt/bind/root-domain.zone
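Review bot: `range(1, 255)` never visits octets 0 and 255, yet hosts/init.sls in this change defines guest255 as 172.20.76.255 and guest256 as 172.20.77.0, so those two hosts get A records with no PTR; if pub really is a /23 the loop should be `range(0, 256)`, or better, iterate the host list itself and emit a PTR for every address whose first three octets equal `subnet`. Nothing deduplicates: whenever two hosts share an address — which the priv3 block in this change currently does with priv4 — one octet gets two PTR records, legal but almost always a pillar error, so a `named-checkzone` check_cmd in init.sls or an explicit collision check here would surface it. The nested loop also rescans every host-inet entry for each of 254 octets per reverse zone; building a reverse map once (`{% set by_ip = {} %}` and `{% do by_ip.update({a: host ~ '.' ~ net}) %}`) and indexing it would make the render linear.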
@@ -0,0 +1,19 @@
+$ORIGIN {{ domain }}
+$TTL 10M
+
+@ IN SOA {{ pillar['bind']['master-ns'] }}. astro.spaceboyz.net. (
+ {{ pillar['bind']['serial'] }} ; serial
+ 1H ; refresh
+ 1M ; retry
+ 2H ; expire
+ 5M ; minimum
+ )
+{%- for ns in pillar['bind']['public-ns'] %}
+ IN NS {{ ns }}.
+{%- endfor %}
+
+{%- for net, hosts in pillar['hosts-inet'].items() %}
+{%- for ns in pillar['bind']['public-ns'] %}
+{{ net }} IN NS {{ ns }}.
+{%- endfor %}
+{%- endfor %}
diff --git a/salt/top.sls b/salt/top.sls
index 488d264..fec2bdf 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -46,3 +46,6 @@ base:
 - upstream.masquerade
 - upstream.shaping
 - upstream.nat66
+ 'dns':
+ - no-ssh
+ - bind
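Review bot: `$ORIGIN {{ domain }}` lacks the trailing dot that the other three zone templates in this change have; without it BIND treats the origin as relative to the zone name from named.conf, so the apex and every delegation owner would become zentralwerk.online.zentralwerk.online — it should be `$ORIGIN {{ domain }}.`. The delegation loop iterates `pillar['hosts-inet']` while init.sls creates the child zones from `pillar['subnets-inet']`; if those key sets ever diverge, a delegation points at a zone that is not served or a served zone is never delegated, so looping over subnets-inet here as well keeps the two in step. As committed this file is also not referenced from named.conf, so these records are rendered to disk but never loaded.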