diff --git a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
index 1899a27..b69debc 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
@@ -1,4 +1,5 @@
 ansible_pull__age_private_key: ENC[AES256_GCM,data:2kBG8j8JHa/dlXgWMdbSobulFdVunf052T1QQfm1X2vpEZx2HPCL87fWea+O0WOg7+eoMYbiShu0Vw1eTjb+687LjU8l4cj2JWIajnYfDGH+ipWXojxj613C3RZV3JfDOclVTwP8fCHu7z7P3fKrsKWb5d3t2ohTT+sGdVdimakAOf192CkufcVIthq2imiWbntiMTOdMGJxyIjqT2Io2H89nSbJXkONsuHCF/PbxhryB2LZbl8aZV32knk=,iv:hpscVc7iO4r/h31vS6Zno2pkEsgA2uR7wD/1PjH1znM=,tag:ypiwFtgeXuj4gOsgTCRTBw==,type:str]
+knot__dnssec_key_secret: ENC[AES256_GCM,data:WPFTLyJIttFtqqTZV2fGN0Tt1vRS318TGmd2YqNzYisE3TBi6Z2aClxuYh56Q+j7TUQwCvga3jd5w017sEz3kA==,iv:umaFHBCy9AZgNFv7uXLCtO0o/NZDAZ1QNg5DcGHWEW8=,tag:oR92C1Uj5iXU9L02MqzGSQ==,type:str]
 sops:
   age:
     - recipient: age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve
@@ -10,8 +11,8 @@ sops:
         MEZQTHZXNExsSnl0WW9Vb29sajE1YzAKoYU7rGuR+52+U02uf3eTH9hkIECWdcJv
         wN9JTwsUn0c6mi/d4AHgv5O04Uw7NxUyGVmFlDZzjxLwPzZyR73SvA==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2026-04-29T19:21:55Z"
-  mac: ENC[AES256_GCM,data:RLXsIsSdrCuElYQ3x2YpwYzQx0V0zoYP6h9FLD+RqmZ1pWhlk6Ijp9WxCAlEWps9n5rPYYyhZ3ldSJluTVeroPwpzrmwW+xXCGsCC0BFk6PuB4UynfHwWR/3jEK47nAdPbNfONhzGfOeTObYp22c3iHiKL8YochOSlBToA8mFr4=,iv:fZZEa3C/BsNKGdTKlR/hexrzhmLxiMVxgL9nXjX2Q1E=,tag:I5M8SNbSw4w1crsl0z/5+Q==,type:str]
+  lastmodified: "2026-05-01T17:08:09Z"
+  mac: ENC[AES256_GCM,data:TaMWf1ESs8nYzxkElMYtsz+/Be0PtI7FA0q6IFK+ob4dl/EN+AeTD7Pp0MZF8zcRvZ4hF0Ybimet5bwVR+d7UIXlXz3qP//pX68JDCvcLMQuhNtm6Ws+mwVxkpxEvBr1PtxlSvcQ76vH3ryEsXkP84gmlCDEdX1GAZYZ9ZS3Cfk=,iv:g3tzUfTPNUQyOAxWJEFPHg0IAPAzQgwYABHm4mFOOrI=,tag:C6KE/bg/3jS7Wc56y6YOJQ==,type:str]
   pgp:
     - created_at: "2026-04-29T19:18:43Z"
       enc: |-
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 25b3de1..cd08238 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -1,2 +1,20 @@
 ---
 deploy_systemd_resolved_config__enable: false
+
+knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1"
+knot__remotes:
+  - id: ns-intern.hamburg.ccc.de
+    address: [ "2a00:14b0:f000:23::53", "172.31.17.53" ]
+
+knot__catalog_zones:
+  - domain: "hamburg.ccc.de.catalog."
+
+knot__zones:
+  # - domain: "hamburg.ccc.de."
+  #   catalog_member: "hamburg.ccc.de.catalog."
+  #   content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}"
+  - domain: "hh.ccc.de."
+    catalog_member: "hamburg.ccc.de.catalog."
+    notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+    content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}"
+
diff --git a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
index 8705e3f..35794ba 100644
--- a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
@@ -8,7 +8,7 @@ $TTL 7200
 ; ich hoffe diese aenderung arbeitet um diesen bug herum.
 ; - haegar 2001.11.14
 
-@               IN      SOA     ns.hamburg.ccc.de. haegar.ccc.de. (
+@               IN      SOA     auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
 		2024012601
                 10800
                 3600
@@ -67,3 +67,7 @@ uucp		IN	A	192.76.134.7
 ; ChaosVPN
 hack		IN	NS	cvpn-dns.hack
 cvpn-dns.hack	IN	A	172.31.0.5
+
+
+; tmp test
+merz.leck.eier IN TXT "kann er mal"