diff --git a/applications/dns.nix b/applications/dns.nix index bef05b9..49cd790 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -39,8 +39,8 @@ in { forwarders = [ # these were in old config file - "193.1.100.130" - "193.1.100.131" + #"193.1.100.130" + #"193.1.100.131" ]; zones = { @@ -62,10 +62,11 @@ in { extraConfig = ""; # really wish teh nixos config didnt use master/slave master = true; - masters = [ ]; slaves = [ ]; - - file = '' + # need to write this to a file + file = pkgs.writeText "dns_zone_skynet" + # no leading whitespace for first line + '' $TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. ( @@ -91,7 +92,7 @@ in { ; External addresses ; ------------------------------------------ - ${lib.strings.concatMapStrings (x: x + "\n ") cfg.records.external} + ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external} ; this is fixed for now @@ -106,7 +107,7 @@ in { ; cname's ; ------------------------------------------ - ${lib.strings.concatMapStrings (x: x + "\n ") cfg.records.cname} + ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} ''; }; diff --git a/flake.nix b/flake.nix index 1f77948..bfac683 100644 --- a/flake.nix +++ b/flake.nix @@ -78,7 +78,11 @@ */ - #test02 = import ./machines/test02.nix; + # firewall machiene + agentjones = import ./machines/agentjones.nix; + + # ns1 + vendetta = import ./machines/vendetta.nix; }; }; diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 2d56a3e..4e96ef2 100644 --- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -19,6 +19,7 @@ in { imports = [ # applications for this particular server ../applications/firewall.nix + ../applications/dns.nix ]; deployment = { 
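Review bot: In applications/dns.nix (hunk `@@ -39,8 +39,8 @@`), `forwarders` is left holding only commented-out addresses under `# these were in old config file`, which no longer tells a reader why they are switched off. Either delete the two lines or replace the comment with the reason, e.g. `# upstream forwarders disabled: <reason>`. An empty list means named resolves iteratively on its own instead of through these servers, which is worth stating if it is intended. The enclosing attribute set starts and ends outside the hunk.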
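Review bot: The zone text passed to `pkgs.writeText "dns_zone_skynet"` (applications/dns.nix, hunk `@@ -62,10 +62,11 @@`) is assembled from the free-form strings in `cfg.records.external` and `cfg.records.cname`, interpolated in the `@@ -91,7` and `@@ -106,7` hunks, with no syntax check. A malformed record contributed by any machine file would therefore only surface when named tries to load the zone. Consider running `named-checkzone` over the generated file as a build step, so a bad record fails the deployment rather than the running name server. The comment `# no leading whitespace for first line` would also be clearer as `# records must start in column 0: leading whitespace means "same owner as the previous record"`. The zone body continues outside these hunks.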
@@ -27,6 +28,13 @@ in { targetUser = "root"; }; + skynet_dns.records = { + external = [ + "agentjones A ${ip_pub}" + ]; + cname = []; + }; + # this has to be defined for any physical servers # vms are defined by teh vm host networking.interfaces = { diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 092df52..9cba06d 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -16,12 +16,17 @@ let ip_pub = "192.168.1.157"; ip_priv = "172.20.20.3"; # hostname = "vendetta.skynet.ie"; - hostname = "test01.home.brendan.ie"; + hostname = "192.168.1.157"; # this server will have to have dns records own = { external = [ "vendetta A ${ip_pub}" + "ns1 A ${ip_pub}" + + # needs this, temporally + "ns2 A ${ip_pub}" + "mail A ${ip_pub}" ]; cname = [ #"misc CNAME vendetta" @@ -39,6 +44,13 @@ in { targetUser = "root"; }; + networking = { + firewall = { + allowedTCPPorts = [22 53]; + allowedUDPPorts = [53]; + }; + }; + skynet_dns = { enable = true;
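Review bot: In machines/agentjones.nix (hunk `@@ -27,6 +28,13 @@`), `skynet_dns.records` is set on the firewall host without `skynet_dns.enable`. Whether importing ../applications/dns.nix in the previous hunk also starts a name server on this machine therefore depends on the option's default, which is not visible in this diff. If the import is only meant to contribute records, pin that explicitly: `skynet_dns.enable = false; # records only, named runs on vendetta`. `ip_pub` is defined outside the hunk.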
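Review bot: In machines/vendetta.nix (hunk `@@ -16,12 +16,17 @@`), `hostname = "192.168.1.157";` repeats the literal already bound to `ip_pub` two lines above, so the two can drift apart when the address changes. `hostname = ip_pub;` keeps a single source of truth. The `ns2` and `mail` records under `# needs this, temporally` point at the same host as `ns1`, so they provide no real secondary. A marker such as `# TODO: remove once ns2/mail have their own hosts` would make the stopgap easy to find later. The `let` block starts outside the hunk.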
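Review bot: The new `networking.firewall` block in machines/vendetta.nix (hunk `@@ -39,6 +44,13 @@`) opens 53/tcp and 53/udp on every interface, while the dns.nix change in this same commit empties `forwarders`, so named will recurse on its own for whichever clients it accepts recursive queries from. Confirm that recursion stays limited to local or internal networks (in the NixOS bind module this is `services.bind.cacheNetworks`); otherwise the host becomes an open resolver that can be abused for amplification. Opening port 53 inside applications/dns.nix under the module's `enable` condition would also be less error-prone than repeating it per machine. The `skynet_dns` block continues past the end of the hunk.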