diff --git a/10_base_server_setup.yaml b/10_base_server_setup.yaml
index 38af881..370aeb6 100644
--- a/10_base_server_setup.yaml
+++ b/10_base_server_setup.yaml
@@ -30,10 +30,16 @@
- "git"
- "tcpdump"
- "dnsutils"
- - "ufw"
- "iputils-ping"
- "ripgrep"
+ - name: "Install ufw"
+ ansible.builtin.apt:
+ state: present
+ name:
+ - "ufw"
+ when: ufw_status == "enabled"
+
- name: "Make sure ntpd is not installed"
ansible.builtin.apt:
state: absent
@@ -64,7 +70,9 @@
rule: allow
to_port: "{{ ssh_port }}"
protocol: tcp
+ when: ufw_status == "enabled"
- name: "Enable ufw"
community.general.ufw:
state: enabled
+ when: ufw_status == "enabled"
diff --git a/20_powerdns_setup.yaml b/20_powerdns_setup.yaml
index cd1ebbf..24dec32 100644
--- a/20_powerdns_setup.yaml
+++ b/20_powerdns_setup.yaml
@@ -10,7 +10,10 @@
pdns_sqlite_databases_locations:
- "{{ database_name }}"
pdns_config:
- allow-axfr-ips: "192.168.2.143"
+ allow-axfr-ips: "{{ axfr_ips }}"
+ server-id: "ns1.m4n5.nl"
+ default-soa-content: "ns1.m4n5.nl. hostmaster.m4n5.nl. 1 3600 600 604800 1800"
+ version-string: "anonymous"
primary: true
pdns_auth_powerdns_repo_49:
apt_repo_origin: "repo.powerdns.com"
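Review bot: The `when: ufw_status == "enabled"` guard on the new `Install ufw` task silently skips the host firewall for any value other than that exact string (`Enabled`, `true`, `yes` all disable it) and only errors out when the variable is missing entirely; the same guard is repeated on the SSH allow rule and `Enable ufw` in the second hunk of this file and on the port-53 rules in `20_powerdns_setup.yaml` and `30_knot_slave_setup.yaml`. One early check in the play would fail fast on a typo instead of producing a host with no firewall: `- name: "Validate ufw_status"` / `ansible.builtin.assert:` / `that: ufw_status in ["enabled", "disabled"]`. Hosts set to `disabled` (srv01 and srv03 in the inventory) also keep whatever ufw state an earlier run left behind, since `ufw` was previously in the base package list and the new task only skips installation rather than setting `state: absent` or disabling the service, so a comment such as `# TODO: document what filters inbound traffic on ufw_status: disabled hosts` would make the intended compensating control explicit. The play header and the rest of the package list are outside the hunk.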
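Review bot: `allow-axfr-ips: "{{ axfr_ips }}"` keeps a source-address allow-list as the only authorisation for zone transfers from this primary, and with `axfr_ips` now carrying public addresses (set in `inventory.yaml`) that control is only as strong as the trust placed in those addresses; both PowerDNS and Knot support TSIG-signed transfers, which would be the stronger control to add as a follow-up, and a comment recording the contract, `# axfr_ips: comma-separated secondary addresses, must match slave_nameservers`, would help until then. `server-id: "ns1.m4n5.nl"` and the `ns1.m4n5.nl.` in `default-soa-content` are hard-coded even though the primary host already carries `dns_nsid: ns1` in the inventory and the Knot play derives its identity from `{{ dns_nsid }}.m4n5.nl`, so `server-id: "{{ dns_nsid }}.m4n5.nl"` would keep the two plays consistent. `version-string: "anonymous"` is good hygiene. The `vars:` block this sits in starts outside the hunk.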
@@ -29,41 +32,11 @@
rule: allow
to_port: "53"
protocol: udp
+ when: ufw_status == "enabled"
- name: "Add AXFR/IXFR allow rule in ufw"
community.general.ufw:
rule: allow
to_port: "53"
protocol: tcp
-
-# - name: "PowerDNS setup"
-# hosts: slave_nameservers
-# become: true
-# vars:
-# database_name: "/var/lib/powerdns/db.sqlite"
-# pdns_backends:
-# gsqlite3:
-# database: "{{ database_name }}"
-# pdns_sqlite_databases_locations:
-# - "{{ database_name }}"
-# pdns_config:
-# allow-axfr-ips: "192.168.2.143"
-# primary: false
-# secondary: true
-# pdns_auth_powerdns_repo_49:
-# apt_repo_origin: "repo.powerdns.com"
-# apt_repo: "deb http://repo.powerdns.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }}-auth-49 main"
-# gpg_key: "http://repo.powerdns.com/FD380FBB-pub.asc"
-# gpg_key_id: "9FAAA5577E8FCF62093D036C1B0C6205FD380FBB"
-# yum_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49"
-# yum_debug_symbols_repo_baseurl: "http://repo.powerdns.com/centos/$basearch/$releasever/auth-49/debug"
-# name: "powerdns-auth-49"
-# roles:
-# - { role: PowerDNS.pdns,
-# pdns_install_repo: "{{ pdns_auth_powerdns_repo_49 }}" }
-# tasks:
-# - name: "Add DNS allow rule in ufw"
-# community.general.ufw:
-# rule: allow
-# to_port: "53"
-# protocol: udp
+ when: ufw_status == "enabled"
diff --git a/30_knot_slave_setup.yaml b/30_knot_slave_setup.yaml
index 3b65e60..ab044c0 100644
--- a/30_knot_slave_setup.yaml
+++ b/30_knot_slave_setup.yaml
@@ -3,10 +3,10 @@
hosts: slave_nameservers
become: true
vars:
- identity: "ns2.ziesel.internal"
- nsid: "ns2"
- master_ip_acl: "192.168.2.19"
- version: "Mans's DNS"
+ identity: "{{ dns_nsid }}.m4n5.nl"
+ nsid: "{{ dns_nsid }}"
+ master_ip_acl: "86.94.191.237, 2a02:a442:ba11::1ebd, 2a02:a442:ba11::53"
+ version: "off"
knot_user: knot
knot_group: knot
catalog_domain: "catalog.internal."
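Review bot: `master_ip_acl` hard-codes the primary's three public addresses in this play while the matching half of the transfer ACL, `axfr_ips`, lives in `inventory.yaml`, so an address change now has to be made in two files and a mismatch silently breaks transfers in one direction only; moving it under `all.vars` next to `axfr_ips` (a constructed example: `master_ip_acl: "{{ primary_addresses }}"` with the list defined once in the inventory) keeps both sides together. The new `version: "off"` var appears to be dead, because `templates/knot.conf.j2` in this same commit stops reading `{{ version }}` and writes `version: off` directly, so either keep the template parameterised or drop the var. `identity` is fixed to the `m4n5.nl` suffix while the inventory names these hosts under `mziesel.nl`, which is presumably intentional (public vs. management name) but worth a one-line comment. The play's `tasks:` section is outside the hunk.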
@@ -52,9 +52,11 @@
rule: allow
to_port: "53"
protocol: udp
+ when: ufw_status == "enabled"
- name: "Add AXFR/IXFR allow rule in ufw"
community.general.ufw:
rule: allow
to_port: "53"
protocol: tcp
+ when: ufw_status == "enabled"
diff --git a/inventory.yaml b/inventory.yaml
index f161aee..4e2db82 100644
--- a/inventory.yaml
+++ b/inventory.yaml
@@ -1,23 +1,45 @@
all:
hosts:
- pi5:
+ pi5.internal.mziesel.nl:
ansible_host: 192.168.2.19
ansible_user: ansible
- ansible_ssh_port: 2222
ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
ansible_python_interpreter: /usr/bin/python3
+ ansible_ssh_port: 2222
ssh_port: 2222
- knot-dns-test:
- ansible_host: 192.168.2.143
+ ufw_status: enabled
+ dns_nsid: ns1
+ srv01.nur.mziesel.nl:
+ ansible_user: ansible
+ ansible_python_interpreter: /usr/bin/python3
+ ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
+ ufw_status: disabled
+ ssh_port: 22
+ dns_nsid: ns2
+ srv03.oci.mziesel.nl:
ansible_user: ansible
ansible_ssh_private_key_file: ~/.ssh/ansible_id_ed25519
ansible_python_interpreter: /usr/bin/python3
+ ufw_status: disabled
ssh_port: 22
+ dns_nsid: ns3
+ # auth-dns-slave.internal.mziesel.nl:
+ # ansible_host: 192.168.2.143
+ # ansible_user: ansible
+ # ansible_python_interpreter: /usr/bin/python3
+ # ufw_status: enabled
+ # ssh_port: 22
+ # dns_nsid: ns4
+ vars:
+ # nur01, oci03, internal-test
+ axfr_ips: "85.235.66.180, 2a03:4000:32:1ae:889d:dbff:fea1:9df7, 143.47.189.110, 2603:c022:c001:c601:7b56:9459:93ba:11b6"
children:
master_nameservers:
hosts:
- pi5:
+ pi5.internal.mziesel.nl:
slave_nameservers:
hosts:
- knot-dns-test:
+ srv01.nur.mziesel.nl:
+ srv03.oci.mziesel.nl:
+ # auth-dns-slave.internal.mziesel.nl:
diff --git a/templates/knot.conf.j2 b/templates/knot.conf.j2
index e33320b..831f0b7 100644
--- a/templates/knot.conf.j2
+++ b/templates/knot.conf.j2
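Review bot: `axfr_ips` under `all.vars` is a hand-maintained transfer allow-list that has to track the `slave_nameservers` group by hand, and the comment above it (`# nur01, oci03, internal-test`) already disagrees with the value: three names, four addresses, and no entry for the commented-out `auth-dns-slave.internal.mziesel.nl` host (192.168.2.143), so re-enabling that host without also editing this string leaves its transfers refused. Recording each secondary's public addresses as host vars and building the list from the group would remove the drift; at minimum the comment should name which address belongs to which host, e.g. `# srv01.nur: 85.235.66.180, 2a03:…  srv03.oci: 143.47.189.110, 2603:…`. The two new hosts carry no `ansible_host`, so the inventory names presumably have to resolve from the control machine — worth a comment if that is intended. The `ufw_status: disabled` on both new hosts means the firewall tasks in the three plays are skipped for them; which control covers them instead is not stated anywhere in the hunk.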
@@ -1,6 +1,6 @@
server:
identity: {{ identity }}
- version: "{{ version }}"
+ version: off
nsid: {{ nsid }}
rundir: "/run/knot"
user: {{ knot_user }}:{{ knot_group }}
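Review bot: `version: off` replaces the templated `"{{ version }}"`, so the `version: "off"` var added to `30_knot_slave_setup.yaml` in this same commit no longer reaches the rendered config (as far as this hunk shows) and the template cannot be reused by a host that wants a different value; keeping `version: "{{ version }}"` here and setting the var to `off` in the play preserves one source of truth. The value also switched from a quoted string to a bare `off`, and whether Knot treats that as "do not answer version queries" or returns the literal text `off` is not visible from the hunk — it is worth confirming against the Knot documentation and recording the intent with a comment such as `{# version: off — hide the server version from version.bind / version.server queries #}`. The rest of the `server:` block continues outside the hunk.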