diff --git a/create-database.yml b/create-database.yml index e777896..a3c314a 100644 --- a/create-database.yml +++ b/create-database.yml @@ -4,6 +4,7 @@ # - postgres # - executed on stage specific server: {{ stage }}-postgres-01 # - creates databases to work with connect: {{ connect_postgres_database }} +# - creates databases to work with pdns: {{ pdns_postgres_database }} # - creates databases to work with management connect: {{ management_connect_postgres_database }} # - creates databases to work with shared webdav: {{ webdav_postgres_database }} # - creates databases to work with shared keycloak: {{ keycloak_postgres_database }} @@ -51,7 +52,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_services }}" - when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy'] + when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'gitea', 'workflow_index', 'workflow_proxy', 'pdns'] - name: Add maria servers to hosts if necessary add_host: @@ -84,6 +85,16 @@ roles: - role: connect-postgres when: "'connect' in group_names" + + - role: pdns-postgres + vars: + initialize: True + when: "'pdns' in group_names" + + - role: pdns-admin-postgres + vars: + initialize: True + when: "'pdns' in group_names" - role: gitea-postgres when: "'gitea' in group_names" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index b96c668..3aba61d 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
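Review bot: `initialize: True` is passed to `pdns-admin-postgres` in the last hunk, but that role as added in this commit neither declares an `initialize` default nor includes anything conditioned on it — only `pdns-postgres` consumes the variable — so the `vars:` block on the admin role is dead and implies a schema-bootstrap step that does not exist. Either remove the `vars:` block under `- role: pdns-admin-postgres` or document why it is there, e.g. `# no schema bootstrap here: the admin database is only created/ACL'd`. The `roles:` list this hunk edits continues past the hunk, so the remaining entries were not reviewed.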
@@ -1,53 +1,54 @@ $ANSIBLE_VAULT;1.1;AES256 -39366565366664306333663934306533353861616161323165356433646331663239396164383138 -6436636361336164646564363036366439346335333533390a383061306436393933306239336239 -37383430323965323533643866323761626134376632313035356565373864373161386163363963 -3164613131346633350a636535316562316266323139323266643531313366656463653636306435 -36353465646163623665386566316362363264663334626634626236666330316662323966626334 -65653934383632663061663939656236653531663937663338653962633531316264656233326438 -34346362666534316636636134633731333764336461376162643231386563656231643938393936 -37366466313939656461376439623533346636623631363033633336336462306265663661613734 -39653532656666323065643466376432633837663032306363616632306237326137323864393964 -61346339343138383663633234643264353961323335393137653037343065366232376236356234 -66346137346439343463393834336134376362316566333461383062613335326533636137383763 -35333465393032666638616231623630313865353661623230313033333163303337623837363562 -36396335326365636566393636323533633866366163333261333731343137336666366362366265 -35333433616130373339343938356631316432626163313663366533323738353732636232323739 -37316138643233613765663666666366396138623765346433646366623831333462663465353661 -66383061336636613835313131363066343563383136373531626236653231633332663766303936 -61653262326134343166303132643961393861376532613764666462386164303061303737643739 -33376134366136323031366636643662653037646636323033313234363263346233633534386264 -31373338653330323231373838373732383833333431383963383633326661333230316133316232 -39313363663536653433366464323136333165396163326161393238636563353531383864613239 -30323236633239666330363535626530666436373863383531383538323066363964353039313062 -39356564336261383436636139393638313539636235356539323339353137663834623935656131 -32363465626231653736366636316339303163616639666362636332623063356438326337326464 
-30386232623362666266616364396563323138616164323363616334313531616261613339323465 -37613431653433653863346334656465303731373266376630336530363036386464303666313131 -66383165356434323865636631656131313735313134386162646634666135396431326437653761 -36633833353562653963316466333965316332366165653130363237366262346638376531313965 -38386363656332396634623535633365396332363462356232366461393463626336383165663132 -34393636616133356334653231366338386364396136643937613961653934333466303135346539 -37393865373133363464626132323037336638383138343866626638616535333937303764383263 -61386362313961626163383365376234666238633030306463666335373734616336303165653564 -37393136363439393735383964386134333731643565613865393266383966333531316238353433 -34303262633934386561363363643236646137653866356536613037613661663264333432306266 -64343732643365396235636366366164313039333332366561646339343162613861346635393833 -34346664303836386165336561333630616535383061333537323364623962666238396164333937 -39633938303131383463313964383364333062306166623039626131663133373831343963633463 -38386637393038396431666633366139393332393761316637653063633033363537333438306633 -30623436363037363232303562383165636135333933346562326533623831363363653165376163 -62363265343465303036306433366132666339396266333461383732343464343535626666646637 -32646632623636663330383632303835336138366336393638346437656530313762363739323965 -63336639383266386463653637306431316230353561373332353739383635663637343036623564 -66373831353864633865626538633431636333363433656136366639643765396435656433313965 -66643632623835343662616134383835323265646636343165373666383138306635373362303133 -63633536663439343065386630386637363431303238633661643335343262383533643764643939 -33396632333139336635356165643036323234613032643233346635326662383830313834343966 -35656163313463343561383664656632363436613032643335363539636466393338623663356161 -64363731393530633239303039636162633533396131663433323436376233313237336538623631 
-33616638333232383931646534363230663064346137366264316432306134393163646634336336 -61323132336637323037356466366539323265303138623864316438613766613837383737383765 -33323166373633303138633566313034663636303066616136383433616433616562663231383736 -36316263386462353766373461636565323662356264376431313633353363646634623033616432 -30303435643564303236 +31663064353337346663613338643132343836306662353231343832396331393631663763663837 +3434646334393531323935613838626163393431393830350a336636326565646630343731373063 +38643761346138336637306631373665346239666335363865646239646132323464633963323831 +6336616637646261310a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diff --git a/group_vars/pdns/plain.yml b/group_vars/pdns/plain.yml new file mode 100644 index 0000000..7c226ab --- /dev/null +++ b/group_vars/pdns/plain.yml @@ -0,0 +1,20 @@ +--- + +hetzner_server_type: cx11 +hetzner_server_labels: "stage={{ stage }} service=pdns" + +pdns_id: "{{ inventory_hostname }}-pdns" +pdns_postgres_id: "{{ inventory_hostname }}-postgres-pdns" +pdns_recursor_id: "{{ inventory_hostname }}-recursor-pdns" +pdns_admin_id: "{{ inventory_hostname }}-admin-pdns" +pdns_admin_postgres_id: "{{ inventory_hostname }}-admin-postgres-pdns" +#pdns_api_key: "< see vault >" + +pdns_postgres_host: "{{ shared_service_postgres_01_hostname }}" +pdns_postgres_database: "{{ stage }}_pdns" +pdns_postgres_username: "{{ pdns_postgres_database }}" +pdns_postgres_password: "pdns-postgres-admin" + +pdns_admin_postgres_database: "{{ stage }}_pdns_admin" +pdns_admin_postgres_username: "{{ pdns_admin_postgres_database }}" +pdns_admin_postgres_password: "pdns-admin-postgres-admin" \ No newline at end of file diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index 4e8cbcb..f839464 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml 
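Review bot: `pdns_postgres_password: "pdns-postgres-admin"` and `pdns_admin_postgres_password: "pdns-admin-postgres-admin"` are static, guessable credentials committed in a plain-text group_vars file, while the API key in the same file is explicitly deferred to the vault (`#pdns_api_key: "< see vault >"`). These passwords become the pg_hba-authenticated database roles and are injected into container environments (`PDNS_gpgsql_password`, `SQLALCHEMY_DATABASE_URI`), so they deserve the same handling as the API key: replace the two lines with `pdns_postgres_password: "{{ vault_pdns_postgres_password }}"` and `pdns_admin_postgres_password: "{{ vault_pdns_admin_postgres_password }}"` and add the secrets to `group_vars/all/vault.yml`, which this commit already re-encrypts. Whether a live stage already uses these values cannot be seen here; if so, rotate them as part of the move. The file also lacks a trailing newline.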
@@ -34,6 +34,12 @@ shared_service_docker_ip: "{{ stage_server_infos | list | first | default('-') }}" +shared_service_pdns_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-pdns-01' ) + | map(attribute='private_ip') + | list + | first + | default('-') }}" shared_service_mail_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-mail-01' ) | map(attribute='private_ip') @@ -143,6 +149,7 @@ shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}" shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain }}" +shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" @@ -231,6 +238,10 @@ shared_service_hosts: [ { ip: "{{ shared_service_kube_node_03 }}", name: "{{ kube_node_03_hostname }}" + }, + { + ip: "{{ shared_service_pdns_ip }}", + name: "{{ shared_service_pdns_hostname }}" } ] diff --git a/group_vars/stage_qa/plain.yml b/group_vars/stage_qa/plain.yml index 6c234c9..0d89207 100644 --- a/group_vars/stage_qa/plain.yml +++ b/group_vars/stage_qa/plain.yml @@ -34,6 +34,12 @@ shared_service_docker_ip: "{{ stage_server_infos | list | first | default('-') }}" +shared_service_pdns_ip: "{{ stage_server_infos + | selectattr('name', 'match', stage + '-pdns-01' ) + | map(attribute='private_ip') + | list + | first + | default('-') }}" shared_service_mail_ip: "{{ stage_server_infos | selectattr('name', 'match', stage + '-mail-01' ) | map(attribute='private_ip') 
@@ -143,6 +149,7 @@ shared_service_iam_hostname: "{{ stage }}-iam-01.{{ domain }}" shared_service_mail_hostname: "{{ stage }}-mail-01.{{ domain }}" shared_service_gitea_hostname: "{{ stage }}-gitea-01.{{ domain }}" shared_service_redis_hostname: "{{ stage }}-redis-01.{{ domain }}" +shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" @@ -231,6 +238,10 @@ shared_service_hosts: [ { ip: "{{ shared_service_kube_node_03 }}", name: "{{ kube_node_03_hostname }}" + }, + { + ip: "{{ shared_service_pdns_ip }}", + name: "{{ shared_service_pdns_hostname }}" } ] diff --git a/remove-database.yml b/remove-database.yml index d5453a1..43631f0 100644 --- a/remove-database.yml +++ b/remove-database.yml @@ -43,7 +43,7 @@ - "{{ item }}" changed_when: False with_items: "{{ cluster_services }}" - when: item in ['connect', 'management_connect', 'keycloak', 'webdav'] + when: item in ['connect', 'management_connect', 'keycloak', 'webdav', 'pdns'] - name: Add maria servers to hosts if necessary add_host: @@ -78,6 +78,12 @@ database_state: absent when: "'connect' in group_names" + - role: pdns-admin-postgres + when: "'pdns' in group_names" + + - role: pdns-postgres + when: "'pdns' in group_names" + - role: keycloak-postgres vars: database_state: absent diff --git a/roles/_shared_service/tasks/main.yml b/roles/_shared_service/tasks/main.yml index 6ed72e7..e684402 100644 --- a/roles/_shared_service/tasks/main.yml +++ b/roles/_shared_service/tasks/main.yml @@ -77,7 +77,7 @@ tags: - update_deployment -- name: "Startinf <{{ current_service_id }}>" +- name: "Starting <{{ current_service_id }}>" shell: docker-compose up -d args: chdir: '{{ service_base_path }}/{{ current_service_id }}' 
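Review bot: In remove-database.yml the two new pdns roles are included without `vars: database_state: absent`, unlike the neighbouring `connect-postgres` and `keycloak-postgres` entries, so on the removal play they run `_postgres-acls` with whatever `database_state` defaults to, and the tasks gated on `database_state == 'present'` (visible in the `_postgres-acls.yml` hunk) would then create or keep the pdns databases rather than drop them. Add `vars:` / `database_state: absent` under both `- role: pdns-admin-postgres` and `- role: pdns-postgres`, matching the established pattern. Whether the postgres role supplies a default for `database_state` is outside these hunks, but either way the pdns entries diverge from the convention the surrounding lines follow.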
diff --git a/roles/pdns-admin-postgres/defaults/main.yml b/roles/pdns-admin-postgres/defaults/main.yml new file mode 100644 index 0000000..1c53a39 --- /dev/null +++ b/roles/pdns-admin-postgres/defaults/main.yml @@ -0,0 +1,6 @@ +--- + +postgres_acls: + - name: "{{ pdns_admin_postgres_database }}" + password: "{{ pdns_admin_postgres_password }}" + trusted_cidr_entry: "{{ shared_service_network }}" diff --git a/roles/pdns-admin-postgres/tasks/main.yml b/roles/pdns-admin-postgres/tasks/main.yml new file mode 100644 index 0000000..4c21e56 --- /dev/null +++ b/roles/pdns-admin-postgres/tasks/main.yml @@ -0,0 +1,9 @@ +--- + +### tags: +### - remove-data + +- name: "Setup postgres for {{ inventory_hostname }}" + include_role: + name: postgres + tasks_from: _postgres-acls diff --git a/roles/pdns-postgres/defaults/main.yml b/roles/pdns-postgres/defaults/main.yml new file mode 100644 index 0000000..ad17e6d --- /dev/null +++ b/roles/pdns-postgres/defaults/main.yml @@ -0,0 +1,8 @@ +--- + +postgres_acls: + - name: "{{ pdns_postgres_database }}" + password: "{{ pdns_postgres_password }}" + trusted_cidr_entry: "{{ shared_service_network }}" + +initialize: False diff --git a/roles/pdns-postgres/tasks/create-requirements.yml b/roles/pdns-postgres/tasks/create-requirements.yml new file mode 100644 index 0000000..2ebb8ee --- /dev/null +++ b/roles/pdns-postgres/tasks/create-requirements.yml 
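Review bot: Both new `postgres_acls` entries grant their database role access from the whole `shared_service_network` (`trusted_cidr_entry: "{{ shared_service_network }}"`), which is also the fallback the `_postgres-acls` task already applies, so the explicit value widens nothing but documents no intent either. The pdns database will hold `cryptokeys` and `tsigkeys` contents per the schema added in this commit, and the only client visible in the diff is the pdns host (its containers reach postgres via `extra_hosts`, presumably from that host's private address), so consider `trusted_cidr_entry: "{{ shared_service_pdns_ip }}/32"` for both roles, with a comment `# only the pdns host may reach this database`. Note that `shared_service_pdns_ip` falls back to `'-'` when the server lookup fails, which would produce an invalid pg_hba line, so assert it is set before use; whether other hosts need these databases cannot be determined from the diff.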
@@ -0,0 +1,40 @@ +- name: "Check if domain table in {{ pdns_postgres_database }} exist" + postgresql_query: + db: "{{ pdns_postgres_database }}" + login_host: "{{ pdns_postgres_host }}" + login_password: "{{ pdns_postgres_password }}" + login_user: "{{ pdns_postgres_username }}" + query: "SELECT EXISTS (SELECT FROM information_schema.tables WHERE table_schema='public' AND table_name='domains');" + register: result + +- name: "Convert the SELECT result" + set_fact: + converted_result: "{{ result | from_yaml }}" + +- name: "Set variable" + set_fact: + domain_table_exist: "{{ item.exists }}" + with_items: "{{ converted_result.query_result }}" + +- name: "Copy SQL script" + copy: + src: "{{ playbook_dir }}/templates/pdns/schema.pgsql.sql" + dest: /tmp/schema.pgsql.sql + when: + - not domain_table_exist + +- name: "Run queries from SQL script" + postgresql_query: + db: "{{ pdns_postgres_database }}" + login_host: "{{ pdns_postgres_host }}" + login_password: "{{ pdns_postgres_password }}" + login_user: "{{ pdns_postgres_username }}" + as_single_query: yes + path_to_script: /tmp/schema.pgsql.sql + when: + - not domain_table_exist + +- name: "Remove SQL script if present" + file: + path: /tmp/schema.pgsql.sql + state: absent \ No newline at end of file diff --git a/roles/pdns-postgres/tasks/main.yml b/roles/pdns-postgres/tasks/main.yml new file mode 100644 index 0000000..e8925e7 --- /dev/null +++ b/roles/pdns-postgres/tasks/main.yml @@ -0,0 +1,18 @@ +--- + +### tags: +### - remove-data + +- name: "Setup postgres for {{ inventory_hostname }}" + include_role: + name: postgres + tasks_from: _postgres-acls + +- name: "Install python3-psycopg2 if not present" + apt: + name: python3-psycopg2 + state: present + +- name: Include Create Requirements + include_tasks: create-requirements.yml + when: initialize diff --git a/roles/pdns/defaults/main.yml b/roles/pdns/defaults/main.yml new file mode 100644 index 0000000..959e27a --- /dev/null +++ b/roles/pdns/defaults/main.yml 
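Review bot: Both `postgresql_query` tasks carry the database password in `login_password`; the module's argument spec should mask it in invocation output, but the safe convention is an explicit `no_log: true` on both tasks so a later edit or a failure dump cannot leak `pdns_postgres_password`. `Remove SQL script if present` only runs when the preceding query succeeds, so a failing schema load leaves `/tmp/schema.pgsql.sql` on the host; wrap the copy and run tasks in a `block:` with the removal in `always:`. A one-line comment on `Set variable` noting that `SELECT EXISTS` returns exactly one row, so the `with_items` loop sets the fact exactly once, would help the next reader.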
@@ -0,0 +1,10 @@ +--- + +pdns_image_name: "dev-docker-registry-01.smardigo.digital/smardigo/pdns-authoritative" +pdns_image_version: "1.0.0" + +pdns_recursor_image_name: "dev-docker-registry-01.smardigo.digital/smardigo/pdns-recursor" +pdns_recursor_image_version: "1.0.0" + +pdns_admin_image_name: "ngoduykhanh/powerdns-admin" +pdns_admin_image_version: "0.2.2" diff --git a/roles/pdns/handlers/main.yml b/roles/pdns/handlers/main.yml new file mode 100644 index 0000000..273c648 --- /dev/null +++ b/roles/pdns/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: Verify resolv.conf + ansible.builtin.lineinfile: + path: /etc/resolv.conf + regexp: '^nameserver 127.0.0.53' + line: nameserver 127.0.0.1 diff --git a/roles/pdns/meta/main.yml b/roles/pdns/meta/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/roles/pdns/meta/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/pdns/tasks/main.yml b/roles/pdns/tasks/main.yml new file mode 100644 index 0000000..c746b1c --- /dev/null +++ b/roles/pdns/tasks/main.yml 
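Review bot: `pdns_admin_image_name: "ngoduykhanh/powerdns-admin"` at `0.2.2` is pulled from the public registry by a mutable tag, and the two in-house images are pinned to `1.0.0` the same way; for a service that will hold zone data and an API key, pin by digest (`pdns_admin_image_version: "0.2.2@sha256:<digest>"` if the compose template concatenates `image_name:image_version` unchanged — the template hunk does not show how the tag is rendered) or mirror the admin image into `dev-docker-registry-01.smardigo.digital` like the other two. A comment above each version recording where the tag or digest was verified would document provenance.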
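Review bot: The handler `Verify resolv.conf` is, as far as these hunks show, never notified — the tasks file carries a same-named task inline instead — and its `regexp: '^nameserver 127.0.0.53'` leaves the dots unescaped, unlike the task version's `'^nameserver 127\.0\.0.*'`. Either drop the handler or have the tasks notify it and escape the pattern: `regexp: '^nameserver 127\.0\.0\.53'`.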
@@ -0,0 +1,63 @@ +--- + +### tags: +### update_deployment + +- name: "Check if /etc/resolv.conf is link" + stat: + path: "/etc/resolv.conf" + register: link + +- name: "Stopping systemd-resolved if running" + ansible.builtin.systemd: + name: systemd-resolved.service + state: stopped + +- name: "Remove symbolic link to /run/systemd/resolve/stub-resolv.conf" + file: + path: "/etc/resolv.conf" + state: absent + when: link.stat.islnk is defined and link.stat.islnk + +- name: "Copy /run/systemd/resolve/stub-resolv.conf" + ansible.builtin.copy: + src: "/run/systemd/resolve/stub-resolv.conf" + dest: "/etc/resolv.conf" + owner: root + group: root + mode: '0644' + +- name: Adding 8.8.8.8 as fallback to resolv.conf + ansible.builtin.lineinfile: + path: /etc/resolv.conf + regexp: '^nameserver 8\.8\.8\.8' + insertafter: '^nameserver 127\.0\.0.*' + line: nameserver 8.8.8.8 + +- name: "Disabling systemd-resolved if enabled" + ansible.builtin.systemd: + name: systemd-resolved.service + enabled: no + +- name: "Deploying shared service dns to <{{ current_host }}><{{ current_server_ip }}>" + include_role: + name: _shared_service + vars: + current_service: "pdns" + current_server_ip : "{{ stage_server_ip }}" + current_dns_entry: "{{ inventory_hostname }}" + current_dns_entries : "{{ pdns_public_dns_entries | default([]) }}" + current_service_id : "{{ pdns_id }}" + current_service_docker : "{{ pdns_docker }}" + +- name: Verify resolv.conf + ansible.builtin.lineinfile: + path: /etc/resolv.conf + regexp: '^nameserver 127\.0\.0.*' + line: nameserver 127.0.0.1 + +- name: "Delete search line if present" + ansible.builtin.lineinfile: + path: /etc/resolv.conf + regexp: '^search *' + state: absent diff --git a/roles/pdns/vars/main.yml b/roles/pdns/vars/main.yml new file mode 100644 index 0000000..16edb74 --- /dev/null +++ b/roles/pdns/vars/main.yml 
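Review bot: `Copy /run/systemd/resolve/stub-resolv.conf` uses `ansible.builtin.copy` with `src:` but no `remote_src: true`, so it reads the file from the control machine rather than the managed host; add `remote_src: true`. Because it runs after `systemd-resolved` has been stopped, the copied file still points at the dead stub (`nameserver 127.0.0.53`) until the final `Verify resolv.conf` rewrites it to `127.0.0.1`, so during the `_shared_service` deployment in between, resolution rests solely on the `8.8.8.8` line, which is inserted and never removed — a later recursor outage would silently send `smardigo.digital` lookups to a public resolver instead of the forward-zone configured in `pdns_recursor_environment`. Consider writing the final resolv.conf once (127.0.0.1 first) and documenting the fallback with `# 8.8.8.8 stays as fallback: while the local recursor is down, lookups bypass its forward-zones`. `Stopping systemd-resolved if running` will also fail on hosts without that unit; guard it if such hosts exist in the inventory.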
@@ -0,0 +1,133 @@ +--- + +pdns_labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ pdns_id }}.service={{ pdns_id }}"', + '"traefik.http.routers.{{ pdns_id }}.rule=Host(`{{ stage_server_domain }}`)"', + '"traefik.http.routers.{{ pdns_id }}.entrypoints=websecure"', + '"traefik.http.routers.{{ pdns_id }}.tls=true"', + '"traefik.http.routers.{{ pdns_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ pdns_id }}.loadbalancer.server.port=80"', +] + +pdns_environment: [ + "PDNS_gpgsql_host: \"{{ pdns_postgres_host }}\"", + "PDNS_gpgsql_dbname: \"{{ pdns_postgres_database }}\"", + "PDNS_gpgsql_user: \"{{ pdns_postgres_username }}\"", + "PDNS_gpgsql_password: \"{{ pdns_postgres_password }}\"", + "PDNS_master: \"yes\"", + "PDNS_api: \"yes\"", + "PDNS_api_key: \"{{ pdns_api_key }}\"", + "PDNS_webserver: \"yes\"", + "PDNS_webserver_address: \"0.0.0.0\"", + "PDNS_webserver_allow_from: \"172.6.0.0/16,0.0.0.0\"", + "PDNS_version_string: \"anonymous\"", + "PDNS_default_ttl: \"1500\"", +] + +pdns_admin_environment: [ + "SQLALCHEMY_DATABASE_URI: \"postgresql://{{ pdns_admin_postgres_username }}:{{ pdns_admin_postgres_password }}@{{ pdns_postgres_host }}/{{ pdns_admin_postgres_database }}\"", +] + +pdns_recursor_environment: [ + "PDNS_forward-zones: \"smardigo.digital=172.6.0.20\"", +] + +pdns_docker: { + networks: [ + { + name: front-tier, + external: true + }, + { + name: pdns, + ipams: [ + { + subnet: 172.6.0.0/16, + gateway: 172.6.0.1 + } + ] + }, + ], + services: [ + { + name: "{{ pdns_id }}", + image_name: "{{ pdns_image_name }}", + image_version: "{{ pdns_image_version }}", + restart: "{{ pdns_service_restart | default('always') }}", + environment: "{{ pdns_environment + ( pdns_environment_additional | default([])) }}", + volumes: [ + '"/etc/timezone:/etc/timezone:ro"', + '"/etc/localtime:/etc/localtime:ro"', + ], + networks: [ + { + name: "pdns", + aliases: "pdns", + ipv4_address: "172.6.0.20", + }, + ], + ports: [ + { + external: "8081", + 
internal: "8081", + }, + ], + extra_hosts: [ + { + hostname: "{{ pdns_postgres_host }}", + ip: "{{ shared_service_pg_master_ip }}" + + }, + { + hostname: "ns1.smardigo.digital", + ip: "172.6.0.20" + } + ], + }, + { + name: "{{ pdns_admin_id }}", + image_name: "{{ pdns_admin_image_name }}", + image_version: "{{ pdns_admin_image_version }}", + labels: "{{ pdns_labels + ( pdns_labels_additional | default([])) }}", + environment: "{{ pdns_admin_environment + ( pdns_admin_environment_additional | default([])) }}", + volumes: [ + '"/etc/timezone:/etc/timezone:ro"', + '"/etc/localtime:/etc/localtime:ro"', + ], + networks: [ + '"pdns"', + '"front-tier"', + ], + extra_hosts: [ + { + hostname: "{{ pdns_postgres_host }}", + ip: "{{ shared_service_pg_master_ip }}" + } + ], + }, + { + name: "{{ pdns_recursor_id }}", + image_name: "{{ pdns_recursor_image_name }}", + image_version: "{{ pdns_recursor_image_version }}", + environment: "{{ pdns_recursor_environment + ( pdns_recursor_environment_additional | default([])) }}", + volumes: [ + '"/etc/timezone:/etc/timezone:ro"', + '"/etc/localtime:/etc/localtime:ro"', + ], + ports: [ + { + external: "53", + internal: "53/tcp", + }, + { + external: "53", + internal: "53/udp", + }, + ], + networks: [ + '"pdns"', + ] + } + ], +} diff --git a/roles/postgres/handlers/main.yml b/roles/postgres/handlers/main.yml index 04a1cab..cd21505 100644 --- a/roles/postgres/handlers/main.yml +++ b/roles/postgres/handlers/main.yml @@ -1,5 +1,2 @@ --- -- name: pg_reload_conf - become: yes - become_user: postgres - shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"' + diff --git a/roles/postgres/tasks/_postgres-acls.yml b/roles/postgres/tasks/_postgres-acls.yml index 7055f7f..7cbae77 100644 --- a/roles/postgres/tasks/_postgres-acls.yml +++ b/roles/postgres/tasks/_postgres-acls.yml 
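Review bot: The authoritative server publishes its API/webserver on the host (`external: "8081"` with no bind address) while `PDNS_webserver_address: "0.0.0.0"` and `PDNS_webserver_allow_from: "172.6.0.0/16,0.0.0.0"`, so an API protected only by `pdns_api_key` is reachable on every host interface — including the public Hetzner address unless a firewall outside this diff blocks it; the only consumer visible here, `{{ pdns_admin_id }}`, sits on the `pdns` network and can reach `172.6.0.20:8081` directly, so drop the `ports:` entry on the `{{ pdns_id }}` service (or bind it to the private IP) and reduce the allow list to `"PDNS_webserver_allow_from: \"172.6.0.0/16\""` — a bare `0.0.0.0` in a PowerDNS netmask list is parsed as a single address (/32), not as "any", so it is either a no-op or a misunderstanding. Separately, `172.6.0.0/16` is not RFC 1918 space (the private block is `172.16.0.0/12`); using it as the bridge subnet, for `ipv4_address: "172.6.0.20"`, for the `ns1.smardigo.digital` extra host and in `PDNS_forward-zones` shadows real Internet addresses, so replace `172.6.0.0/16`, `172.6.0.1` and the three `172.6.0.20` occurrences consistently with a private subnet such as `172.16.6.0/24`. `SQLALCHEMY_DATABASE_URI` embeds the admin DB password in the container environment, which is tolerable only once that password comes from the vault.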
@@ -13,7 +13,6 @@ line: 'host {{ item.name }} {{ item.name }} {{ item.trusted_cidr_entry | default(shared_service_network) }} md5' path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf with_items: "{{ postgres_acls }}" - notify: pg_reload_conf - name: "Checking roles exist" shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'\"" @@ -94,3 +93,8 @@ become: yes when: - database_state == 'present' + +- name: pg_reload_conf + become: yes + become_user: postgres + shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"' \ No newline at end of file diff --git a/smardigo.yml b/smardigo.yml index b02347c..8bcff4b 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -24,6 +24,7 @@ roles: - role: postfix when: "'postfix' in group_names" + - role: keycloak when: "'keycloak' in group_names" @@ -35,15 +36,19 @@ - role: elastic when: "'elastic' in group_names" + - role: logstash when: "'logstash' in group_names" + - role: kibana when: "'kibana' in group_names" - role: postgres when: "'postgres' in group_names" + - role: pgadmin4 when: "'pgadmin4' in group_names" + - role: maria when: "'maria' in group_names" @@ -55,9 +60,15 @@ - role: iam when: "'iam' in group_names" + - role: webdav when: "'webdav' in group_names" + - role: management when: "'management' in group_names" + - role: redis when: "'redis' in group_names" + + - role: pdns + when: "'pdns' in group_names" diff --git a/stage-dev b/stage-dev index db96fad..f4541ad 100644 --- a/stage-dev +++ b/stage-dev @@ -4,6 +4,9 @@ dev-awx-01 [connect] dev-management-01 +[pdns] +dev-pdns-01 + [elastic] dev-elastic-stack-elastic-01 dev-elastic-stack-elastic-02 @@ -75,6 +78,7 @@ kube_node awx connect elastic +pdns gitea harbor iam diff --git a/stage-qa b/stage-qa index d68587f..be56472 100644 --- a/stage-qa +++ b/stage-qa @@ -4,6 +4,9 @@ qa-awx-01 [connect] qa-management-01 +[pdns] +qa-pdns-01 + [elastic] qa-elastic-stack-elastic-01 qa-elastic-stack-elastic-02 
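Review bot: Moving `pg_reload_conf` from a handler to a plain task at the end of `_postgres-acls.yml` makes the reload run on every inclusion of this file (once per service role in the create/remove plays) and report `changed` each time, since the `shell` task has no `changed_when`; add `changed_when: false`, or keep it as a handler and restore the `notify` removed from the pg_hba `lineinfile`. The new task also ends without a trailing newline. The pg_hba entry being reloaded (context line) still uses `md5`; `scram-sha-256` is the current recommendation, but that predates this change.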
@@ -75,6 +78,7 @@ kube_node awx connect elastic +pdns gitea harbor iam diff --git a/templates/_docker/docker-compose.yml.j2 b/templates/_docker/docker-compose.yml.j2 index 01f2d55..67c6eb1 100644 --- a/templates/_docker/docker-compose.yml.j2 +++ b/templates/_docker/docker-compose.yml.j2 @@ -9,6 +9,14 @@ networks: {% for network in current_docker.networks %} {{ network.name }}: external: {{ network.external | default('false') }} +{% if network.ipams is defined %} + ipam: + config: +{% for config in network.ipams %} + - subnet: "{{ config.subnet }}" + gateway: "{{ config.gateway }}" +{% endfor %} +{% endif %} {% endfor %} {% endif %} {# ################################################## networks #} @@ -110,8 +118,19 @@ services: and (service.networks|length>0) %} networks: -{% for item in service.networks %} - - {{ item }} +{% for network in service.networks %} +{% if network.name is defined %} + {{ network.name }}: +{% if network.ipv4_address is defined %} + ipv4_address: {{ network.ipv4_address }} +{% endif %} +{% if network.aliases is defined %} + aliases: + - {{ network.aliases }} +{% endif %} +{% else %} + - {{ network }} +{% endif %} {% endfor %} {% endif %} {# ######################################## networks #} diff --git a/templates/pdns/schema.pgsql.sql b/templates/pdns/schema.pgsql.sql new file mode 100644 index 0000000..80735c2 --- /dev/null +++ b/templates/pdns/schema.pgsql.sql 
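Review bot: In the per-service `networks:` rendering of docker-compose.yml.j2, `aliases:` emits a single `- {{ network.aliases }}` item although the key is plural, so passing a list (the natural shape for compose `aliases`) would render its Python repr as one alias; iterate instead, `{% for alias in ([network.aliases] if network.aliases is string else network.aliases) %}` / `- {{ alias }}` / `{% endfor %}`, or rename the key to `alias`. In the `ipam` block `config.gateway` is rendered unconditionally, so a network entry with `subnet` but no `gateway` fails on an undefined variable; guard it with `{% if config.gateway is defined %}`.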
@@ -0,0 +1,95 @@ +CREATE TABLE domains ( + id SERIAL PRIMARY KEY, + name VARCHAR(255) NOT NULL, + master VARCHAR(128) DEFAULT NULL, + last_check INT DEFAULT NULL, + type VARCHAR(6) NOT NULL, + notified_serial BIGINT DEFAULT NULL, + account VARCHAR(40) DEFAULT NULL, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) +); + +CREATE UNIQUE INDEX name_index ON domains(name); + + +CREATE TABLE records ( + id BIGSERIAL PRIMARY KEY, + domain_id INT DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(65535) DEFAULT NULL, + ttl INT DEFAULT NULL, + prio INT DEFAULT NULL, + disabled BOOL DEFAULT 'f', + ordername VARCHAR(255), + auth BOOL DEFAULT 't', + CONSTRAINT domain_exists + FOREIGN KEY(domain_id) REFERENCES domains(id) + ON DELETE CASCADE, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) +); + +CREATE INDEX rec_name_index ON records(name); +CREATE INDEX nametype_index ON records(name,type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops); + + +CREATE TABLE supermasters ( + ip INET NOT NULL, + nameserver VARCHAR(255) NOT NULL, + account VARCHAR(40) NOT NULL, + PRIMARY KEY(ip, nameserver) +); + + +CREATE TABLE comments ( + id SERIAL PRIMARY KEY, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) DEFAULT NULL, + comment VARCHAR(65535) NOT NULL, + CONSTRAINT domain_exists + FOREIGN KEY(domain_id) REFERENCES domains(id) + ON DELETE CASCADE, + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) +); + +CREATE INDEX comments_domain_id_idx ON comments (domain_id); +CREATE INDEX comments_name_type_idx ON comments (name, type); +CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); + + +CREATE TABLE domainmetadata ( + id SERIAL PRIMARY KEY, + domain_id INT REFERENCES domains(id) ON DELETE 
CASCADE, + kind VARCHAR(32), + content TEXT +); + +CREATE INDEX domainidmetaindex ON domainmetadata(domain_id); + + +CREATE TABLE cryptokeys ( + id SERIAL PRIMARY KEY, + domain_id INT REFERENCES domains(id) ON DELETE CASCADE, + flags INT NOT NULL, + active BOOL, + published BOOL DEFAULT TRUE, + content TEXT +); + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + + +CREATE TABLE tsigkeys ( + id SERIAL PRIMARY KEY, + name VARCHAR(255), + algorithm VARCHAR(50), + secret VARCHAR(255), + CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT))) +); + +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);