diff --git a/roles/router/files/nsd/nehe.sr b/roles/router/files/nsd/nehe.sr
new file mode 100644
index 0000000000000000000000000000000000000000..48123681393389ca752bc1295e48279d5728ecc8
--- /dev/null
+++ b/roles/router/files/nsd/nehe.sr
@@ -0,0 +1,58 @@
+; vim: filetype=bindzone
+$TTL 1h
+$ORIGIN nehe.sr.
+@ IN SOA ns1.shore.co.il. hostmaster (
+ 2021050201
+ 1h
+ 5m
+ 4w
+ 3h )
+
+ IN NS ns1.shore.co.il.
+ IN NS ns4.shore.co.il.
+ IN A 163.172.74.36
+ IN TXT "v=spf1 +mx -all"
+ IN SPF "v=spf1 +mx -all"
+ IN MX 10 smtp.shore.co.il.
+ IN CAA 128 issue "letsencrypt.org"
+
+
+_imaps._tcp IN SRV 0 1 993 imap.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_submission._tcp IN SRV 0 1 587 smtp.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:postmaster@shore.co.il"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_mta-sts IN TXT "v=STSv1;id=2020072604;"
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_carddavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+_caldavs._tcp IN SRV 0 1 443 nextcloud.shore.co.il.
+ IN TXT "v=spf1 -all"
+ IN SPF "v=spf1 -all"
+
+autoconfig IN CNAME ns4.shore.co.il.
+mta-sts IN CNAME smtp.shore.co.il.
+www IN CNAME ns4.shore.co.il.
+
+host01._domainkey IN TXT ("v=DKIM1\; k=rsa\;"
+"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9EM6TzCofz004vL+aBV"; # pragma: allowlist secret
+"rUcCE2CjIcBw+k50vOir4JkE/+UxAStV/MHT59S0ObjMnkkjR0YCKKJqBPWwaqva"; # pragma: allowlist secret
+"ztZqIj/7g0IsrqoCgVeCcrBEPZ86BN2f4K+r5cWoWwUXtWyVMxJA8J+nnf/7ntLb"; # pragma: allowlist secret
+"e63tzKMZepfDHtbgojG88nyi6rdtdJYOIgVKoNhfLS7K4oxSHGmj0RjCO7CbB/8S"; # pragma: allowlist secret
+"swJhQMwGXCL87iBiQko8e/rqMxbhAuuYRp/ZbM5UXUc+Ds84PRx4TPOxYUC99x2g"; # pragma: allowlist secret
+"TlGIStWa09I0z1JnutqedBrN0uo52DKkA5jLN2xqabZ8RVdVLVmtM50Fbq5EimAK"; # pragma: allowlist secret
+"swIDAQAB\;")
+
+_adsp._domainkey IN TXT "dkim=all;"
+_dmarc IN TXT "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"
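Review bot: The `_dmarc` record sends `rua` and `ruf` to postmaster@shore.co.il, which is outside nehe.sr, so receivers that follow RFC 7489 section 7.1 will only deliver reports if the shore.co.il zone publishes `nehe.sr._report._dmarc IN TXT "v=DMARC1"`. The shore.co.il hunk in this commit shows only the first lines of that zone, so whether the authorisation record exists cannot be confirmed from here; without it the aggregate and failure reports are likely to be dropped and the `p=quarantine` policy would run with no feedback. Separately, every `IN SPF` (type 99) record duplicates the TXT policy beside it and that type was discontinued by RFC 7208, and `_adsp._domainkey` publishes ADSP, which is historic. Both could be dropped, or kept with a comment such as `; legacy record, kept for old verifiers` so the next editor knows they are deliberate.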
diff --git a/roles/router/files/nsd/nehe.sr.conf b/roles/router/files/nsd/nehe.sr.conf
new file mode 100644
index 0000000000000000000000000000000000000000..45f3856f3704c96d77b17511e7fe179c8a54665c
--- /dev/null
+++ b/roles/router/files/nsd/nehe.sr.conf
@@ -0,0 +1,5 @@
+zone:
+ name: "nehe.sr"
+ zonefile: "nehe.sr"
+ notify: 163.172.74.36 NOKEY #ns4.shore.co.il
+ provide-xfr: 0.0.0.0/0 NOKEY
diff --git a/roles/router/files/nsd/shore.co.il b/roles/router/files/nsd/shore.co.il
index 3423b2d0ae3c19d9e21c63134c380a573e647d56..9aed6e61ce24a9a138cc084d59ced9f84bbe8547 100644
--- a/roles/router/files/nsd/shore.co.il
+++ b/roles/router/files/nsd/shore.co.il
@@ -1,3 +1,4 @@
+; vim: filetype=bindzone
 $TTL 1h
 $ORIGIN shore.co.il.
 @ IN SOA ns1 hostmaster (
diff --git a/roles/router/files/nsd/shore_co_il.conf b/roles/router/files/nsd/shore.co.il.conf
similarity index 100%
rename from roles/router/files/nsd/shore_co_il.conf
rename to roles/router/files/nsd/shore.co.il.conf
diff --git a/roles/router/files/pf.conf b/roles/router/files/pf.conf
index ebbc869f1ed51e4f4827c807f1dc2cc6619ca99b..8c4d2bdbb4a2ea36ba87bf2d75d72877fd92e3db 100644
--- a/roles/router/files/pf.conf
+++ b/roles/router/files/pf.conf
@@ -1,3 +1,4 @@
+# vim: filetype=pf
 # Policy
 set skip on lo
 set block-policy return
diff --git a/roles/router/tasks/main.yaml b/roles/router/tasks/main.yaml
index 0b2e00789e7a733a7a10f8d5487638905a2b60dd..1305b090bf3234982900d94985a2b418893e137c 100644
--- a/roles/router/tasks/main.yaml
+++ b/roles/router/tasks/main.yaml
@@ -235,7 +235,8 @@
 - name: Configure the NSD DNS server
 loop:
- - shore_co_il.conf
+ - shore.co.il.conf
+ - nehe.sr.conf
 copy:
 dest: '/var/nsd/etc/nsd.conf.d/{{ item }}'
 mode: preserve
@@ -252,6 +253,7 @@
 - name: Configure the NSD DNS server
 loop:
 - shore.co.il
+ - nehe.sr
 copy:
 dest: '/var/nsd/zones/{{ item }}'
 mode: preserve
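Review bot: `provide-xfr: 0.0.0.0/0 NOKEY` in the new nehe.sr.conf lets any IPv4 host request a full zone transfer of nehe.sr without authentication, although the only secondary the file names is 163.172.74.36 on the `notify:` line. Narrow the ACL to that secondary with `provide-xfr: 163.172.74.36 NOKEY`. Better still, replace `NOKEY` on both the `notify:` and `provide-xfr:` lines with the name of a TSIG key defined in a `key:` clause, so transfers and notifies are authenticated rather than trusted by source address. If the open ACL is deliberate, a comment such as `# zone data is public; AXFR intentionally open` would record that; the renamed shore.co.il.conf is not shown, so it may follow the same pattern.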
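Review bot: Nothing in the first main.yaml hunk removes the previously deployed `shore_co_il.conf`, so after the loop item is renamed to `shore.co.il.conf` an already-provisioned router would hold both files in /var/nsd/etc/nsd.conf.d/. If nsd.conf includes that directory by glob (not visible here), the shore.co.il zone would be declared twice and NSD may refuse to load or reload its configuration. Consider a preceding task that uses `file:` with `path: /var/nsd/etc/nsd.conf.d/shore_co_il.conf` and `state: absent`, notifying the same handler as the copy task. The copy task continues past the end of the hunk, so a cleanup or `validate:` step may already exist outside it.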