diff --git a/group_vars/dnagw.yml b/group_vars/dnagw.yml
index 1434d5a..c79813f 100644
--- a/group_vars/dnagw.yml
+++ b/group_vars/dnagw.yml
@@ -34,8 +34,16 @@ network_ether_interfaces:
     proto: none
 
 unbound_zones:
-  - 20.172.in-addr.arpa
-  - home.foo.sh
+  - 144-28.96.16.37.in-addr.arpa
+  - foo.sh
+  - >-
+    {% set reverse = intnet | ansible.utils.ipaddr('network') | ansible.utils.ipaddr('revdns') -%}
+    {% if intnet | ansible.utils.ipaddr('prefix') < 24 -%}
+    {{ reverse[:-1] | split('.', 2) | last -}}
+    {% else -%}
+    {{ reverse[:-1] | split('.', 1) | last -}}
+    {% endif -%}
+  - "{{ inventory_hostname.split('.')[1:] | join('.') }}"
 
 # use custom firewall config
 firewall_src: pf.conf.gw_dna.j2