diff --git a/machines/gustave/nsd.nix b/machines/gustave/nsd.nix
index c8a7f19..cf98197 100644
--- a/machines/gustave/nsd.nix
+++ b/machines/gustave/nsd.nix
@@ -31,18 +31,36 @@ let
 ];
 }).config.zones;
+ stateDir = "/var/lib/nsd";
+
 in
 {
 services.nsd = {
 enable = true;
 interfaces = [
- config.machine.meta.ips.public.ipv4
+ config.machine.meta.ips.vpn.ipv4
 config.machine.meta.ips.public.ipv6
 ];
 zones = lib.mapAttrs (_: value: {
 data = builtins.toString value;
 provideXFR = [ "100.100.45.0/24 NOKEY" ];
+ notify = [ "${lib.snowfield.akhaten.ips.vpn.ipv4} NOKEY" ];
 }) (evalZones zonesFromConfig);
 };
+
+ systemd.services.nsd.preStart = lib.mkAfter ''
+ if [ -f ${stateDir}/counter ]; then
+ current_value=$(cat ${stateDir}/counter)
+ new_value=$((current_value + 1))
+ echo "$new_value" > ${stateDir}/counter
+ else
+ echo "0" > ${stateDir}/counter
+ new_value="0"
+ fi
+ sed -i "3s/0/$new_value/" ${stateDir}/zones/julienmalka.me
+ '';
+
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
 }
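Review bot: In the added `preStart`, the contents of `${stateDir}/counter` flow into `$((current_value + 1))` and then into the `sed` program without any check that they are a decimal number. Shell arithmetic evaluates whatever text the variable holds, so a corrupted or tampered counter file can make the unit fail to start or put unexpected text into the `sed` expression; this matters most if the state directory is writable by the nsd user while preStart runs with more privilege, which the hunk does not show and is worth confirming. I would reset anything that is not plain digits before use, e.g. `case "$current_value" in ''|*[!0-9]*) current_value=0 ;; esac`. Separately, `3s/0/$new_value/` rewrites the first `0` found on line 3 rather than a dedicated placeholder, and only for the hard-coded julienmalka.me zone although `zones` is generated with `lib.mapAttrs`. The firewall line also opens UDP 53 on every interface but not TCP 53, which zone transfers and truncated answers need unless the VPN interface is already trusted elsewhere.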