diff --git a/fickit-frontend.yml b/fickit-frontend.yml
index f8441a77..8dde59a4 100644
--- a/fickit-frontend.yml
+++ b/fickit-frontend.yml
@@ -197,16 +197,11 @@ services:
 pid: new
 ipc: new
 uts: new
-# - name: dns-server
-# image: sapcc/unbound
-# binds:
-# - /etc/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
-# capabilities:
-# - CAP_NET_BIND_SERVICE
-# net: /run/netns/nginx
-# pid: new
-# ipc: new
-# uts: new
+ - name: dns-server
+ image: nemunaire/unbound
+ binds:
+ - /etc/unbound/unbound.d:/etc/unbound/unbound.d:ro
+ net: /run/netns/nginx
 
 
 files:
@@ -410,6 +405,16 @@ files:
 # wait for ipv4 address
 waitip 4
 mode: "0440"
+ - path: etc/unbound/unbound.d/access-control.conf
+ contents: |
+ access-control: 172.23.0.0/16 allow
+ mode: "0440"
+ - path: etc/unbound/unbound.d/local-zone.conf
+ contents: |
+ local-zone: "srs.epita.fr" typetransparent
+ local-data: "fic.srs.epita.fr A 172.23.42.1"
+ local-data-ptr: "172.23.42.1 fic.srs.epita.fr"
+ mode: "0440"
 - path: etc/iptables/rules.v6
 contents: |
 *filter
@@ -456,7 +461,9 @@ files:
 [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
 [0:0] -A INPUT -p icmp --icmp-type 8 -j ACCEPT
 [0:0] -A INPUT -p icmp --icmp-type 0 -j ACCEPT
+ [0:0] -A INPUT -i bond-frontal -p udp -m udp --dport domain -j ACCEPT
 [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+ [0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport domain -j ACCEPT
 [0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport http -j ACCEPT
 [0:0] -A INPUT -i bond-frontal -p tcp -m conntrack --ctstate NEW -m tcp --dport https -j ACCEPT
 [0:0] -A INPUT -j LOG
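Review bot: The re-enabled dns-server service omits the `pid: new`, `ipc: new` and `uts: new` settings that the preceding service carries in the context lines and that the removed commented-out stanza also had, so unbound now shares those host namespaces unless the build tool defaults otherwise, and the explicit `capabilities:` list (`CAP_NET_BIND_SERVICE`) is gone too, leaving the container's capability set to whatever the image or tool default grants. The image `nemunaire/unbound` is referenced by bare name with no tag or digest, so each build pulls whatever is current at that moment; pin it to a digest before this ships. I would restore the namespace isolation and a minimal capability list under the service, as below; the rest of the `services:` list starts before the hunk.
```yaml
  - name: dns-server
    # … unchanged: image, binds, net …
    capabilities:
      - CAP_NET_BIND_SERVICE
    pid: new
    ipc: new
    uts: new
```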
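Review bot: Nothing in the hunk shows how the two new fragments under `etc/unbound/unbound.d/` get loaded — the old stanza bind-mounted `unbound.conf` itself, so the new layout depends on the base config baked into `nemunaire/unbound` including that directory, which should be stated above the first new `- path:` entry, e.g. `# picked up via the image's unbound.conf, which must include /etc/unbound/unbound.d/*.conf`. On access-control.conf, the single `allow` for 172.23.0.0/16 only closes the resolver if unbound's default of refusing unlisted networks is still in force in that image's base config, which I cannot confirm from here; adding `access-control: 0.0.0.0/0 refuse` and `access-control: ::0/0 refuse` ahead of the allow line removes that dependency. The `files:` list these entries belong to starts before and ends after the hunk.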
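Review bot: The two added INPUT rules accept DNS on `bond-frontal` from any source address, so the only thing standing between this host and an open resolver is unbound's application-level access-control list, and a UDP query carrying a spoofed 172.23.x.x source that reaches the interface would still be answered toward the internal address — reflection into the LAN. Filtering the same network at the packet layer is cheap defence in depth: `[0:0] -A INPUT -i bond-frontal -s 172.23.0.0/16 -p udp -m udp --dport domain -j ACCEPT` and `[0:0] -A INPUT -i bond-frontal -s 172.23.0.0/16 -p tcp -m conntrack --ctstate NEW -m tcp --dport domain -j ACCEPT`, and a `-m hashlimit` on the UDP rule would be worth considering. Whether spoofed traffic can actually arrive on that bond depends on what it faces, which the hunk does not show. The block scalar holding these rules (presumably the IPv4 ruleset, given `--icmp-type 8`) starts before and ends after the hunk.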
@@ -464,6 +471,7 @@ files:
 [0:0] -A OUTPUT -o lo -j ACCEPT
 [0:0] -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
 [0:0] -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
+ [0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -j ACCEPT
 [0:0] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 [0:0] -A OUTPUT -o vethin-nginx -d 172.17.1.3 -p tcp -m conntrack --ctstate NEW -m tcp --dport 8080 -j ACCEPT
 [0:0] -A OUTPUT -o internet -j ACCEPT
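Review bot: The added OUTPUT rule accepts any UDP packet leaving `bond-frontal` with source port 53 regardless of connection state, which is broader than needed: replies to queries that passed INPUT already match the `RELATED,ESTABLISHED` rule on the very next line, because the inbound query creates the conntrack entry. As written it also lets any local process emit arbitrary UDP on that interface simply by binding source port 53. Unless conntrack genuinely cannot see the query (for instance if unbound's traffic crosses a network namespace the hunk does not show), I would drop the line, or at least make it stateful: `[0:0] -A OUTPUT -o bond-frontal -p udp -m udp --sport domain -m conntrack --ctstate ESTABLISHED -j ACCEPT`. The enclosing block scalar starts before and ends after the hunk.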