diff --git a/applications/dns.nix b/applications/dns.nix
index 9504217..e0e9a62 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -197,10 +197,15 @@
     then create_entry_etc_sub domain (text.old domain)
     else {};
 
-  create_entry_zone = domain: extraConfig: {
+  create_entry_zone = domain: {
     "${domain}" = {
       extraConfig = ''
-        ${extraConfig}
+        allow-update {
+          key rfc2136key.${domain}.;
+        };
+
+        dnssec-policy default;
+        inline-signing yes;
         // for bumping the config
         // ${current_date}
       '';
@@ -221,23 +226,6 @@
     old = domain: get_config_file_old_domains domain;
   };
 
-  extraConfig = {
-    owned =
-      if cfg.server.primary
-      then ''
-        allow-update { key rfc2136key.skynet.ie.; };
-
-        dnssec-policy default;
-        inline-signing yes;
-      ''
-      else "";
-
-    # no extra config for reverse
-    reverse = "";
-
-    old = "";
-  };
-
   records =
     config.skynet.records."skynet.ie"
     ++ builtins.concatLists (
@@ -333,12 +321,12 @@ in {
     ];
 
     services.bind.zones =
-      (create_entry_zone "csn.ul.ie" extraConfig.owned)
-      // (create_entry_zone "skynet.ie" extraConfig.owned)
-      // (create_entry_zone "ulcompsoc.ie" extraConfig.owned)
-      // (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse)
-      // (create_entry_zone "conradcollins.net" extraConfig.old)
-      // (create_entry_zone "edelharty.net" extraConfig.old);
+      (create_entry_zone "csn.ul.ie")
+      // (create_entry_zone "skynet.ie" )
+      // (create_entry_zone "ulcompsoc.ie" )
+      // (create_entry_zone "64-64.99.1.193.in-addr.arpa" )
+      // (create_entry_zone "conradcollins.net" )
+      // (create_entry_zone "edelharty.net" );
 
     environment.etc =
       (create_entry_etc "csn.ul.ie" "owned")