diff --git a/nix/nixos-module/container/dnscache.nix b/nix/nixos-module/container/dnscache.nix
index 5f386d2..4f07ece 100644
--- a/nix/nixos-module/container/dnscache.nix
+++ b/nix/nixos-module/container/dnscache.nix
@@ -39,23 +39,18 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
         insecure-lan-zones: yes
 
         domain-insecure: "dn42"
-        domain-insecure: "20.172.in-addr.arpa"
-        domain-insecure: "21.172.in-addr.arpa"
-        domain-insecure: "22.172.in-addr.arpa"
-        domain-insecure: "99.22.172.in-addr.arpa"
-        domain-insecure: "23.172.in-addr.arpa"
+        domain-insecure: "10.in-addr.arpa"
+      ${lib.concatMapStrings (x:
+        "  domain-insecure: ${toString x}.172.in-addr.arpa\n"
+      ) [
+        16 17 18 19
+        20 21 22 23
+        24 25 26 27
+        28 29 30 31
+      ]}
+        domain-insecure: "168.192.in-addr.arpa"
         domain-insecure: "d.f.ip6.arpa"
         domain-insecure: "ffdd"
-        domain-insecure: "200.10.in-addr.arpa"
-        domain-insecure: "201.10.in-addr.arpa"
-        local-zone: "20.172.in-addr.arpa." nodefault
-        local-zone: "21.172.in-addr.arpa." nodefault
-        local-zone: "22.172.in-addr.arpa." nodefault
-        local-zone: "99.22.172.in-addr.arpa." nodefault
-        local-zone: "23.172.in-addr.arpa." nodefault
-        local-zone: "d.f.ip6.arpa." nodefault
-        local-zone: "200.10.in-addr.arpa." nodefault
-        local-zone: "201.10.in-addr.arpa." nodefault
 
       forward-zone:
         name: "."