diff --git a/ansible/roles/adguardhome/files/Corefile b/ansible/roles/adguardhome/files/Corefile
new file mode 100644
index 0000000..ea00ab4
--- /dev/null
+++ b/ansible/roles/adguardhome/files/Corefile
@@ -0,0 +1,32 @@
+(alias) {
+ errors
+ cancel
+
+ forward . tls://9.9.9.10 {
+ tls_servername dns10.quad9.net
+ }
+
+ hosts {
+ {{ pve_hosts.ingress.external_ip }} pve.sys.theorangeone.net
+ fallthrough
+ ttl 300
+ }
+
+ # HACK: Rewrite the CNAME to itself so it's reprocessed
+ rewrite cname exact pve.sys.theorangeone.net. pve.sys.theorangeone.net.
+}
+
+
+theorangeone.net:5353 {
+ import alias
+}
+
+jakehoward.tech:5353 {
+ import alias
+}
+
+.:5353 {
+ acl {
+ block
+ }
+}
diff --git a/ansible/roles/adguardhome/files/adguardhome.yml b/ansible/roles/adguardhome/files/adguardhome.yml
index 2b20673..9c0450f 100644
--- a/ansible/roles/adguardhome/files/adguardhome.yml
+++ b/ansible/roles/adguardhome/files/adguardhome.yml
@@ -24,6 +24,8 @@ dns:
 refuse_any: true
 upstream_dns:
 - tls://dns10.quad9.net
+ - '[/theorangeone.net/]127.0.0.53:5353'
+ - '[/jakehoward.tech/]127.0.0.53:5353'
 upstream_dns_file: ""
 bootstrap_dns:
 - 9.9.9.10
@@ -140,9 +142,7 @@ filtering:
 blocking_mode: default
 parental_block_host: family-block.dns.adguard.com
 safebrowsing_block_host: standard-block.dns.adguard.com
- rewrites:
- - domain: pve.sys.theorangeone.net
- answer: "{{ pve_hosts.ingress.external_ip }}"
+ rewrites: []
 safebrowsing_cache_size: 1048576
 safesearch_cache_size: 1048576
 parental_cache_size: 1048576
diff --git a/ansible/roles/adguardhome/handlers/main.yml b/ansible/roles/adguardhome/handlers/main.yml
index 2577cfb..8d1940b 100644
--- a/ansible/roles/adguardhome/handlers/main.yml
+++ b/ansible/roles/adguardhome/handlers/main.yml
@@ -2,4 +2,12 @@
 service:
 name: adguardhome
 state: restarted
+ enabled: true
+ become: true
+
+- name: restart coredns
+ service:
+ name: coredns
+ state: restarted
+ enabled: true
 become: true
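Review bot: None of the server blocks in the new Corefile (`theorangeone.net:5353`, `jakehoward.tech:5353`, `.:5353`) carries a `bind` directive, so CoreDNS listens on every interface rather than only on the loopback address AdGuard Home forwards to (`127.0.0.53:5353` in adguardhome.yml). That leaves the forwarder for the two zones, including the `pve.sys.theorangeone.net` override, answering any client that can reach the host on port 5353, unless a firewall outside this diff blocks it. Adding `bind 127.0.0.53` inside `(alias)` and inside the `.:5353` block keeps the listener local. UDP 5353 is also the mDNS port, so a loopback-only bind additionally avoids contending with an mDNS responder on the wildcard address, if one runs on this host.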
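Review bot: In handlers/main.yml, `enabled: true` lives only inside the `restart coredns` handler (and the adguardhome one), so the unit is enabled and started only on a run where the handler is notified and actually flushed. If a play fails after the Corefile is written but before handlers run, later runs report no change and coredns is never started, which leaves the two zones AdGuard Home forwards to it unresolvable. A regular task in tasks/main.yml using `service:` with `name: coredns`, `state: started` and `enabled: true` would converge that state on every run and let the handlers stay plain restarts. The first handler's `- name:` line sits outside this hunk.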
diff --git a/ansible/roles/adguardhome/tasks/main.yml b/ansible/roles/adguardhome/tasks/main.yml
index f3fcb64..4be0a12 100644
--- a/ansible/roles/adguardhome/tasks/main.yml
+++ b/ansible/roles/adguardhome/tasks/main.yml
@@ -15,3 +15,17 @@
 mode: "0600"
 notify: restart adguardhome
 become: true
+
+- name: Install coredns
+ kewlfft.aur.aur:
+ name: coredns
+ become: true
+
+- name: Install coredns config file
+ template:
+ src: files/Corefile
+ dest: /etc/coredns/Corefile
+ owner: coredns
+ mode: "0644"
+ notify: restart coredns
+ become: true
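Review bot: The `Install coredns config file` task sets `owner: coredns`, which lets the DNS daemon rewrite its own configuration, assuming the packaged service runs as that user. `owner: root` plus an explicit `group: root`, with the existing `mode: "0644"`, keeps the file readable by the service but not writable by it. Separately, the `Install coredns` task builds whatever build script the AUR currently serves for `coredns`, unpinned and user-submitted, so it is worth reviewing or pinning that source. The kewlfft.aur documentation also recommends a dedicated unprivileged build user via `become_user`, so plain `become: true` deserves a check.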