diff --git a/machines/gustave/nsd.nix b/machines/gustave/nsd.nix
index 5eda268..504be05 100644
--- a/machines/gustave/nsd.nix
+++ b/machines/gustave/nsd.nix
@@ -100,16 +100,6 @@ lib.mkMerge [
     '';
 
     networking.firewall.allowedUDPPorts = [ 53 ];
-    machine.meta.zones."julienmalka.me".subdomains = {
-      ns1 = {
-        A = [ "82.67.34.230" ];
-        AAAA = [ "2a01:e0a:de4:a0e0:2f0:cbff:feef:e12a" ];
-      };
-      ns2 = {
-        A = [ "163.172.91.82" ];
-        AAAA = [ "2001:bc8:3d24::45" ];
-      };
-    };
 
   }
 
diff --git a/modules/dns/default.nix b/modules/dns/default.nix
index 4e4fa30..4e89023 100644
--- a/modules/dns/default.nix
+++ b/modules/dns/default.nix
@@ -27,6 +27,16 @@ let
   ];
   defaults = {
     inherit SOA NS;
+    subdomains = {
+      ns1 = {
+        A = [ lib.snowfield.router.ips.public.ipv4 ];
+        AAAA = [ lib.snowfield.router.ips.public.ipv6 ];
+      };
+      ns2 = {
+        A = [ lib.snowfield.akhaten.ips.public.ipv4 ];
+        AAAA = [ lib.snowfield.akhaten.ips.public.ipv6 ];
+      };
+    };
   };
 in
 with lib;
@@ -52,7 +62,9 @@ with lib;
             let
               subdomain = lib.dns.getDomainPrefix allowedDomains n;
             in
-            (if elem subdomain allowedDomains then v else { subdomains."${subdomain}" = v; }) // defaults
+            lib.recursiveUpdate (
+              if elem subdomain allowedDomains then v else { subdomains."${subdomain}" = v; }
+            ) defaults
           )
         ) (lib.dns.domainToRecords domain cfg (isVPNDomain domain))
       ) domains;