diff --git a/deploy.yaml b/deploy.yaml
index 1e5c4b4..5fdcbe9 100644
--- a/deploy.yaml
+++ b/deploy.yaml
@@ -21,3 +21,24 @@
       ansible.builtin.service:
         name: kea-dhcp4-server
         state: restarted
+
+- name: Deploy Unbound DNS
+  hosts: resolv-dns
+  tasks:
+    - name: deploy kea dhcp server config
+      ansible.builtin.copy:
+        src: "resources/resolv-dns/files/unbound.conf.d/{{ item }}"
+        dest: "/etc/unbound/unbound.conf.d/{{ item }}"
+        owner: root
+        group: root
+        mode: "0644"
+      notify: Restart Unbound
+      loop:
+        - local-data.conf
+        - noc.conf
+      
+  handlers:
+    - name: Restart Unbound
+      ansible.builtin.service:
+        name: unbound
+        state: restarted
diff --git a/resources/resolv-dns/files/unbound.conf.d/local-data.conf b/resources/resolv-dns/files/unbound.conf.d/local-data.conf
new file mode 100644
index 0000000..1fc937e
--- /dev/null
+++ b/resources/resolv-dns/files/unbound.conf.d/local-data.conf
@@ -0,0 +1,11 @@
+server:
+  local-data: "cookies.eh22.intern. A 94.45.254.3"
+  local-data: "jool.eh22.intern. 0 IN A 94.45.254.4"
+  local-data: "grafana.noc.eh22.intern. CNAME monitoring.noc.eh22.intern"
+  local-data: "loki.noc.eh22.intern. CNAME monitoring.noc.eh22.intern"
+  local-data: "mimir.noc.eh22.intern. CNAME monitoring.noc.eh22.intern"
+  local-data: "monitoring.noc.eh22.intern. A 94.45.255.4"
+  local-data: "proxmox.noc.eh22.intern. A 94.45.255.2"
+  local-data: "router.noc.eh22.intern. A 94.45.255.2"
+  local-data: "resolv-dns.eh22.intern. A 94.45.254.2"
+  local-data: "dhcp.eh22.intern. A 94.45.255.70"
diff --git a/resources/resolv-dns/files/unbound.conf.d/noc.conf b/resources/resolv-dns/files/unbound.conf.d/noc.conf
new file mode 100644
index 0000000..3846723
--- /dev/null
+++ b/resources/resolv-dns/files/unbound.conf.d/noc.conf
@@ -0,0 +1,4 @@
+server:
+  qname-minimisation: yes
+  interface: 0.0.0.0
+  access-control: 94.45.224.0/19 allow