diff --git a/flake.lock b/flake.lock index 7b2733e..c90d9c8 100644 --- a/flake.lock +++ b/flake.lock @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1710120787, - "narHash": "sha256-tlLuB73OCOKtU2j83bQzSYFyzjJo3rjpITZE5MoofG8=", + "lastModified": 1710040110, + "narHash": "sha256-PNAV8VdZkNoSGQHGQWDefNarl0BtKjVMCCzu16+vsr4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "e76ff2df6bfd2abe06abd8e7b9f217df941c1b07", + "rev": "851fcfd130597c5c91071d46275111522d4fd595", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 8d07f86..94365e0 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -6,7 +6,7 @@ let $ORIGIN rfive.de. rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024031014 ; serial + 2024031013 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -59,16 +59,6 @@ in services.bind = rec { enable = true; directory = "/var/lib/bind"; - extraConfig = '' - dnssec-policy "split-keys" { - keys { - ksk lifetime unlimited algorithm ecdsap256sha256; - zsk lifetime 60d algorithm ecdsap256sha256; - }; - publish-safety 1d; - retire-safety 1d; - }; - ''; zones = { "rfive.de" = { master = true; @@ -77,7 +67,7 @@ in ]; extraConfig = '' also-notify {${secondary};}; - dnssec-policy split-keys; + dnssec-policy default; inline-signing yes; serial-update-method date; ''; @@ -93,5 +83,4 @@ in ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers" ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers" ''; - environment.systemPackages = with pkgs; [ dig.out ]; } diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 624fd75..7415d60 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix 
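Review bot: The SOA serial in the zone text goes backwards in the `-6,7` hunk, from 2024031014 to 2024031013. Secondaries only transfer when the primary's serial is higher, so the INWX secondary this module notifies may keep serving the previous zone contents. The zone uses `inline-signing yes;` with `serial-update-method date;`, so BIND may maintain the signed serial itself, but I would still never lower the source value; use `2024031015 ; serial` instead. The enclosing `let` binding starts above the hunk.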
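Review bot: `dnssec-policy default;` in the `-77,7` hunk replaces the KSK/ZSK pair of the removed `split-keys` policy with BIND's built-in default, which signs with a single CSK. The keys already in `/var/lib/bind` no longer match the policy, so BIND will presumably begin rolling to a new key. If a DS record for the old KSK is published at the parent, it has to be replaced and BIND told about it (`rndc dnssec -checkds`) before the old key is retired; otherwise validating resolvers will treat rfive.de as bogus. The explicit `publish-safety 1d` and `retire-safety 1d` margins deleted in the `-59,16` hunk are lost as well. I would record the required step next to the setting, for example `# default policy signs with one CSK; replace the DS at the registrar before the old KSK is retired`.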
@@ -5,7 +5,6 @@
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ./modules/networks
- ./modules/adguard
 ./modules/backup
 ./modules/cache
 ./modules/matrix
diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix
deleted file mode 100644
index c1c3af7..0000000
--- a/hosts/nuc/modules/adguard/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- networking.firewall.allowedTCPPorts = [ 53 ];
- networking.firewall.allowedUDPPorts = [ 53 ];
- services.adguardhome = {
- enable = true;
- openFirewall = true;
- settings.bind_port = 3000;
- };
-}
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index 7a1b8ba..d985cf5 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -21,10 +21,12 @@
 "2620:fe::fe"
 "2620:fe::9"
 ];
- extraConfig = ''
- [Resolve]
- DNSStubListener=no
- '';
+ # make room for the adguard dns
+ # extraConfig = ''
+ # [Resolve]
+ # DNS=127.0.0.1
+ # DNSStubListener=no
+ # '';
 };
 systemd.network = {
 enable = true;
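Review bot: The six added lines in the `-21,10` hunk are commented-out configuration rather than a deletion, and their header `# make room for the adguard dns` describes a service this same commit removes (`hosts/nuc/modules/adguard/default.nix`). The commented block also differs from the removed one, since it gains `DNS=127.0.0.1`, so it is not a faithful record of the old setting either. I would drop the block and leave the history to git, or keep one line such as `# resolved stub listener is active again now that AdGuard Home is removed`. The enclosing attribute set opens above the hunk.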