diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml index 155db2c..25b3de1 100644 --- a/inventories/chaosknoten/host_vars/auth-dns.yaml +++ b/inventories/chaosknoten/host_vars/auth-dns.yaml @@ -1,8 +1,2 @@ --- deploy_systemd_resolved_config__enable: false - -docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2') }}" - -docker_compose__configuration_files: - - name: "knot.conf" - content: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/auth-dns/docker_compose/knot.conf.j2') }}" diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index 5d97783..a6cea9b 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -155,7 +155,6 @@ docker_compose_hosts: sunders: spaceapiccc: mjolnir: - auth-dns: nextcloud_hosts: hosts: cloud: diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index e032782..130d914 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -101,3 +101,8 @@ - name: Run ensure_eh22_styleguide_dir Playbook ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml + +- name: Setup authoritative dns servers + hosts: auth-dns + roles: + - auth-dns diff --git a/roles/auth-dns/handlers/main.yaml b/roles/auth-dns/handlers/main.yaml new file mode 100644 index 0000000..5ee0a5d --- /dev/null +++ b/roles/auth-dns/handlers/main.yaml @@ -0,0 +1,8 @@ +- tags: [ 02-auth-dns ] + name: restart knot + become: true + notify: restart knot + ansible.builtin.systemd: + name: knot.service + state: restarted + diff --git a/roles/auth-dns/tasks/01-install.yaml b/roles/auth-dns/tasks/01-install.yaml new file mode 100644 index 0000000..e3a66e3 --- /dev/null +++ b/roles/auth-dns/tasks/01-install.yaml @@ -0,0 +1,6 @@ +- tags: [ auth-dns ] + name: Install knot + become: true + package: + name: [ knot, knot-exporter ] + 
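Review bot: The `restart knot` handler in roles/auth-dns/handlers/main.yaml carries `notify: restart knot`, so it notifies itself. A `state: restarted` task always reports changed, so this looks like a line copied from the template task and should be dropped. Its `tags: [ 02-auth-dns ]` also differs from the `auth-dns` tag on the role's tasks, and Ansible does not apply tag selection to handlers, so that line can go as well. If knot.service supports reload, `state: reloaded` would pick up most configuration changes without taking the authoritative server down for a restart.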
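Review bot: Nothing in the role ensures that `knot.service` is enabled and running. The `Install knot` task only installs the packages, and the handler fires only when knot.conf changes, so on a system where the package does not start the daemon itself the play can finish with DNS not being served. A task after the configuration step using `ansible.builtin.systemd` with `name: knot.service`, `enabled: true` and `state: started` would make that explicit; the `knot-exporter` package presumably needs the same treatment. The module is also written as bare `package:` while the handler uses a fully qualified name; `ansible.builtin.package:` with `state: present` would be consistent.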
diff --git a/roles/auth-dns/tasks/02-configure.yaml b/roles/auth-dns/tasks/02-configure.yaml new file mode 100644 index 0000000..6577a79 --- /dev/null +++ b/roles/auth-dns/tasks/02-configure.yaml @@ -0,0 +1,11 @@ +- tags: [ auth-dns ] + name: Deploy knot configuration file + become: true + notify: restart knot + template: + src: knot.conf.j2 + dest: /etc/knot/knot.conf + owner: knot + group: knot + mode: u=rw,g=r,o= + diff --git a/roles/auth-dns/tasks/main.yaml b/roles/auth-dns/tasks/main.yaml new file mode 100644 index 0000000..8bf981f --- /dev/null +++ b/roles/auth-dns/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: 01-install.yaml +- import_tasks: 02-configure.yaml diff --git a/resources/chaosknoten/auth-dns/docker_compose/knot.conf.j2 b/roles/auth-dns/templates/knot.conf.j2 similarity index 89% rename from resources/chaosknoten/auth-dns/docker_compose/knot.conf.j2 rename to roles/auth-dns/templates/knot.conf.j2 index 17f6144..d0e5a5a 100644 --- a/resources/chaosknoten/auth-dns/docker_compose/knot.conf.j2 +++ b/roles/auth-dns/templates/knot.conf.j2 @@ -2,17 +2,17 @@ # See knot.conf(5) or refer to the server documentation. server: - rundir: "/rundir" + rundir: "/run/knot" user: knot:knot automatic-acl: on - listen: [ "212.12.48.124", "2a00:14b0:4200:3000:124::1" ] + listen: [ "0.0.0.0@53", "::@53" ] log: - - target: stderr + - target: syslog any: info database: - storage: "/storage" + storage: "/var/lib/knot" key: - id: auth-dns.hamburg.ccc.de @@ -41,7 +41,7 @@ policy: # define default settings that apply to all zones template: - id: default - storage: "/config/zones" + storage: "/etc/knot/zones" file: "%s.zone" semantic-checks: on zonefile-sync: -1
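Review bot: The `template` task in 02-configure.yaml writes `/etc/knot/knot.conf` with no `validate` step, so a rendering mistake replaces the live file and the notified handler then restarts knot onto a configuration it cannot load, taking authoritative DNS down. Adding `validate: knotc -c %s conf-check` lets Ansible reject the rendered file before it is moved into place. The file is also owned by `knot`, the account the daemon runs as (`user: knot:knot` in the template), so the service can rewrite its own configuration, which includes a `key:` section. `owner: root` with `group: knot` and the same mode keeps it readable but not writable by the daemon. The module could be spelled `ansible.builtin.template` to match the handler.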
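Review bot: `listen: [ "0.0.0.0@53", "::@53" ]` in the first knot.conf.j2 hunk replaces the two explicit service addresses with wildcard binds, so knot will answer on every interface the host has or later gains, including any management or internal network. If that is intended, a comment above the line such as `# binds all interfaces; exposure is limited by <firewall/placement, to be stated>` should record what restricts reachability. Otherwise the explicit addresses can be kept and supplied per host from host_vars. The `key:` section visible at the end of the hunk continues outside it.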