diff --git a/applications/dns.nix b/applications/dns.nix
index a3e8a8b..deec46d 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -342,6 +342,12 @@ in {
 };
 config = lib.mkIf cfg.server.enable {
+ # logging
+ services.prometheus.exporters.bind = {
+ enable = true;
+ openFirewall = true;
+ };
+
 # services.skynet.backup.normal.backups = ["/etc/skynet/dns"];
 # open the firewall for this
@@ -386,6 +392,10 @@ in {
 # need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
 extraConfig = ''
 include "/run/agenix/dns_dnskeys";
+
+ statistics-channels {
+ inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
+ };
 '';
 # piles of no valid RRSIG resolving 'com/DS/IN' errors
diff --git a/applications/prometheus.nix b/applications/prometheus.nix
index 556a16e..d60dc83 100644
--- a/applications/prometheus.nix
+++ b/applications/prometheus.nix
@@ -7,6 +7,25 @@ with lib; let
 name = "prometheus";
 cfg = config.services.skynet."${name}";
+
+ # dont have to worry about any external addresses for this
+ # create a list of either "ip@port" or ""
+ # the ""s then get filtered out by filter_empty
+ exporters = {
+ dns = (
+ lib.attrsets.mapAttrsToList (
+ key: value:
+ if value.config.services.skynet.dns.server.enable
+ then "${value.config.deployment.targetHost}:${toString value.config.services.prometheus.exporters.bind.port}"
+ else ""
+ )
+ nodes
+ );
+ node = lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString config.services.prometheus.exporters.node.port}") nodes;
+ };
+
+ # clears any invalid entries
+ filter_empty = inputs: (builtins.filter (value: value != "") inputs);
 in {
 imports = [];
@@ -19,7 +38,7 @@ in {
 default = 9001;
 };
- other_nodes = mkOption {
+ external.node = mkOption {
 type = types.listOf types.str;
 default = [];
 description = ''
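Review bot: `openFirewall = true;` in the added `services.prometheus.exporters.bind` block opens the exporter port to every source address, and the exporter serves BIND statistics without authentication. Only the Prometheus server needs to reach it, so I would narrow the rule with the exporter module's `firewallFilter`, e.g. `firewallFilter = "-s <PROMETHEUS_SERVER_IP> -p tcp -m tcp --dport ${toString config.services.prometheus.exporters.bind.port}";` (the address is a placeholder). The same applies to the `openFirewall = true;` added to the node exporter in applications/prometheus.nix (hunk `@@ -27,24 +46,16 @@`), which is enabled on every host. The `# logging` comment would be more accurate as `# metrics: BIND statistics exporter for Prometheus`, since nothing in the block configures logging.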
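Review bot: Port 8053 in the added `statistics-channels` block only works because the bind exporter enabled earlier in this file is left on its default `bindURI`, and nothing in the hunk records that coupling. I would set `bindURI = "http://127.0.0.1:8053/";` on the exporter, or add a comment in the BIND config such as `// scraped by services.prometheus.exporters.bind; keep in sync with its bindURI`, so a later port change does not silently stop the scrape. The loopback bind with `allow { 127.0.0.1; }` is the right scope and should stay that way, since the statistics channel has no authentication of its own.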
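Review bot: `exporters.node` takes the port from the evaluating host (`config.services.prometheus.exporters.node.port`) while `exporters.dns` takes it from each target (`value.config.services.prometheus.exporters.bind.port`), so a node that overrides its node exporter port would be scraped on the wrong port. Use `toString value.config.services.prometheus.exporters.node.port` in the `node` line to match. The comment says `"ip@port"` but the strings built are `host:port`, and `exporters.node` never yields `""`, so it should say that only the `dns` list relies on `filter_empty`. The enclosing `let` block starts outside the hunk.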
@@ -27,24 +46,16 @@ in {
 '';
 };
 };
-
- port_collecter = mkOption {
- type = types.port;
- default = 9002;
- };
 };
 config = mkMerge [
 {
 services.prometheus.exporters.node = {
 enable = true;
+ openFirewall = true;
 # most collectors are on by default see https://github.com/prometheus/node_exporter for more options
 enabledCollectors = ["systemd"];
- port = cfg.port_collecter;
 };
-
- # make sure the port is open
- networking.firewall.allowedTCPPorts = [cfg.port_collecter];
 }
 (mkIf cfg.server.enable {
 services.prometheus = {
@@ -55,7 +66,15 @@ in {
 job_name = "node_exporter";
 static_configs = [
 {
- targets = (lib.attrsets.mapAttrsToList (key: value: "${value.config.deployment.targetHost}:${toString cfg.port_collecter}") nodes) ++ cfg.server.other_nodes;
+ targets = filter_empty (exporters.node ++ cfg.server.external.node);
+ }
+ ];
+ }
+ {
+ job_name = "bind";
+ static_configs = [
+ {
+ targets = filter_empty exporters.dns;
 }
 ];
 }