diff --git a/playbook.yml b/playbook.yml
index e9a3039215778910a5d8e4b89167234270ffeaa5..14d469902f5f9e75c42148d897e4e68cf1a0ce73 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -3,6 +3,7 @@
   become: yes
   roles:
     - base
+    - ffhl_nameserver
 
 - hosts: kaisertor
   become: yes
diff --git a/roles/base/files/powerdns/recursor.lua b/roles/base/files/powerdns/recursor.lua
deleted file mode 100644
index 1d670a572e49ff5a23ce5e3d9a00dbe7a80a0c43..0000000000000000000000000000000000000000
--- a/roles/base/files/powerdns/recursor.lua
+++ /dev/null
@@ -1,7 +0,0 @@
--- Debian default Lua configuration file for PowerDNS Recursor
-
--- Load DNSSEC root keys from dns-root-data package.
--- Note: If you provide your own Lua configuration file, consider
--- running rootkeys.lua too.
-dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
-
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index d20097caad601a39ef885f5b58c0a7cab3cb85b2..5cd69376786cc630c679aa8b44c26ce375484f64 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -1,12 +1,12 @@
 ---
 - name: copy base configs
-  tags: [base, etc, apt, powerdns]
+  tags: [base, etc, apt]
   copy:
     src: etc/
     dest: /etc
 
 - name: copy scripts
-  tags: [base, powerdns]
+  tags: [base]
   copy:
     src: scripts/
     dest: /usr/local/lib/ffhl/
@@ -101,8 +101,6 @@
   tags: [network, radvd]
 - include: dhcpd.yml
   tags: [network, dhcp]
-- include: powerdns.yml
-  tags: [powerdns, network]
 
 - include: bird.yml
   tags: [bird]
diff --git a/roles/base/files/dnsdist/dnsdist.conf b/roles/ffhl_nameserver/files/dnsdist/dnsdist.conf
similarity index 100%
rename from roles/base/files/dnsdist/dnsdist.conf
rename to roles/ffhl_nameserver/files/dnsdist/dnsdist.conf
diff --git a/roles/base/files/powerdns/bind.conf b/roles/ffhl_nameserver/files/powerdns/bind.conf
similarity index 100%
rename from roles/base/files/powerdns/bind.conf
rename to roles/ffhl_nameserver/files/powerdns/bind.conf
diff --git a/roles/base/files/powerdns/forward-zones.conf b/roles/ffhl_nameserver/files/powerdns/forward-zones.conf
similarity index 100%
rename from roles/base/files/powerdns/forward-zones.conf
rename to roles/ffhl_nameserver/files/powerdns/forward-zones.conf
diff --git a/roles/base/files/powerdns/pdns.conf b/roles/ffhl_nameserver/files/powerdns/pdns.conf
similarity index 100%
rename from roles/base/files/powerdns/pdns.conf
rename to roles/ffhl_nameserver/files/powerdns/pdns.conf
diff --git a/roles/base/files/powerdns/recursor.conf b/roles/ffhl_nameserver/files/powerdns/recursor.conf
similarity index 100%
rename from roles/base/files/powerdns/recursor.conf
rename to roles/ffhl_nameserver/files/powerdns/recursor.conf
diff --git a/roles/base/files/scripts/update-dns.sh b/roles/ffhl_nameserver/files/scripts/update-dns.sh
similarity index 94%
rename from roles/base/files/scripts/update-dns.sh
rename to roles/ffhl_nameserver/files/scripts/update-dns.sh
index bac9f1d5bdd946728127e24fc60ab151d446afad..e921451042e725f1fd1b1f40f1fe3f92982d4ed6 100644
--- a/roles/base/files/scripts/update-dns.sh
+++ b/roles/ffhl_nameserver/files/scripts/update-dns.sh
@@ -9,6 +9,6 @@ mkdir -p "$DEST"
 git clone "$REPO" "$DIR"
 git --git-dir="$DIR/.git" --work-tree="$DEST" reset --hard
 
-rm -rf $DIR
+rm -rf "$DIR"
 
 pdns_control reload
diff --git a/roles/base/files/etc/systemd/system/update-ffhl-dns.service b/roles/ffhl_nameserver/files/systemd/update-ffhl-dns.service
similarity index 100%
rename from roles/base/files/etc/systemd/system/update-ffhl-dns.service
rename to roles/ffhl_nameserver/files/systemd/update-ffhl-dns.service
diff --git a/roles/base/files/etc/systemd/system/update-ffhl-dns.timer b/roles/ffhl_nameserver/files/systemd/update-ffhl-dns.timer
similarity index 100%
rename from roles/base/files/etc/systemd/system/update-ffhl-dns.timer
rename to roles/ffhl_nameserver/files/systemd/update-ffhl-dns.timer
diff --git a/roles/ffhl_nameserver/tasks/main.yml b/roles/ffhl_nameserver/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b3e0e2cbaa7462b94c74792d731230836bdff15
--- /dev/null
+++ b/roles/ffhl_nameserver/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: install packages
+  tags: [dns, powerdns]
+  apt:
+    state: latest
+    name:
+      - dnsdist
+      - pdns-recursor
+      - pdns-server
+      - pdns-backend-bind
+
+
+- include: powerdns.yml
+  tags: [powerdns]
diff --git a/roles/base/tasks/powerdns.yml b/roles/ffhl_nameserver/tasks/powerdns.yml
similarity index 54%
rename from roles/base/tasks/powerdns.yml
rename to roles/ffhl_nameserver/tasks/powerdns.yml
index 7478390e694870298733fbeb4c537c9e5f4b0574..f73d35537a86c5a9c39d4ef24cb3b9449cd0ca39 100644
--- a/roles/base/tasks/powerdns.yml
+++ b/roles/ffhl_nameserver/tasks/powerdns.yml
@@ -1,38 +1,27 @@
 ---
 
-- name: install packages
-  apt:
-    autoremove: yes
-    update_cache: yes
-    state: latest
-    name:
-      - dnsdist
-      - pdns-recursor
-      - pdns-server
-      - pdns-backend-bind
 
-- name: copy powerdns configs
+- name: copy systemd services and timers
   copy:
-    src: powerdns
-    dest: /etc/
+    src: systemd/
+    dest: /etc/systemd/system/
 
 - name: copy dnsdist configs
   copy:
     src: dnsdist
     dest: /etc/
 
-- name: clone dns-repo
-  git:
-    repo: "{{ dns_repo_url }}"
-    dest: /var/local/ffhl-dns
-    accept_hostkey: yes
-    version: HEAD
-
 - name: remove default bind-backend config
   file:
     path: /etc/powerdns/pdns.d/bind.conf
     state: absent
 
+- name: remove old dns repo
+  file:
+    path: /var/local/ffhl-dns
+    state: absent
+
+
 - name: restart powerdns
   systemd:
     daemon_reload: yes
@@ -42,6 +31,6 @@
   with_items:
     - pdns-recursor.service
     - pdns.service
-    - update-ffhl-dns.timer
     - dnsdist.service
+    - update-ffhl-dns.timer
     - update-ffhl-dns.service