diff --git a/playbook.yml b/playbook.yml
index 40c69e6..b33f0c0 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -25,4 +25,5 @@
 - { role: monit, tags: [ 'monit' ] }
 - { role: stb-wordpress-docker, tags: [ 'stb', 'docker' ] }
 - { role: traefik-proxy-docker, tags: [ 'traefik', 'docker' ] }
+ - { role: ddns-docker, tags: [ 'ddns', 'docker' ] }
diff --git a/roles/daily-backup/templates/fullBackup.sh b/roles/daily-backup/templates/fullBackup.sh
index e7057eb..d411f1e 100755
--- a/roles/daily-backup/templates/fullBackup.sh
+++ b/roles/daily-backup/templates/fullBackup.sh
@@ -3,7 +3,7 @@ set -e
 touch /backups/backup-ongoing
-REPOSITORY=ssh://backup@phf.ddns.net:2222/./backup
+REPOSITORY=ssh://backup@phf.ddns.banditlair.com:2222/./backup
 export BORG_PASSPHRASE='{{backup_borg_passphrase}}'
diff --git a/roles/ddns-docker/files/ddns/docker-compose.yml b/roles/ddns-docker/files/ddns/docker-compose.yml
new file mode 100644
index 0000000..6b4eef7
--- /dev/null
+++ b/roles/ddns-docker/files/ddns/docker-compose.yml
@@ -0,0 +1,31 @@
+version: '3'
+
+networks:
+ web:
+ external:
+ name: web
+
+services:
+ ddns:
+ image: davd/docker-ddns:latest
+ restart: unless-stopped
+ environment:
+ RECORD_TTL: 60
+ ZONE: ddns.banditlair.com
+ SHARED_SECRET: changeme
+ labels:
+ - "traefik.backend=ddns"
+ - "traefik.docker.network=web"
+ - "traefik.frontend.rule=Host:ns.banditlair.com"
+ - "traefik.enable=true"
+ - "traefik.port=8080"
+ - "traefik.default.protocol=http"
+ expose:
+ - 8080
+ ports:
+ - "53:53"
+ - "53:53/udp"
+ networks:
+ - web
+ volumes:
+ - /var/lib/ddns/bind:/var/cache/bind
\ No newline at end of file
diff --git a/roles/ddns-docker/meta/main.yml b/roles/ddns-docker/meta/main.yml
new file mode 100644
index 0000000..d29ba3a
--- /dev/null
+++ b/roles/ddns-docker/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - traefik-proxy-docker
\ No newline at end of file
diff --git a/roles/ddns-docker/tasks/main.yml b/roles/ddns-docker/tasks/main.yml
new file mode 100644
index 0000000..312d323
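Review bot: `SHARED_SECRET: changeme` in roles/ddns-docker/files/ddns/docker-compose.yml ships a placeholder as the credential for the service that the traefik labels publish at `ns.banditlair.com`, and because the file sits under `files/` and is deployed with `copy`, nothing replaces the value at deploy time. Anyone who knows the placeholder can presumably rewrite records in `ddns.banditlair.com`, including the `phf.ddns.banditlair.com` name that fullBackup.sh now uses for its borg repository. Move the file to `templates/` and render the secret from a variable, as fullBackup.sh does with `backup_borg_passphrase`, e.g. `SHARED_SECRET: "{{ ddns_shared_secret }}"` (the variable name is a placeholder). `image: davd/docker-ddns:latest` is also unpinned, so a redeploy may pull different code; pin a version tag or digest.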
--- /dev/null
+++ b/roles/ddns-docker/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Copy ddns config
+ copy:
+ src: ddns
+ dest: "{{docker_compose_files_folder}}"
+
+- name: Start ddns docker project
+ docker_service:
+ project_src: "{{docker_compose_files_folder}}/ddns"
+ state: present
diff --git a/roles/scripts/files/proxyFirewall.sh b/roles/scripts/files/proxyFirewall.sh
index 10dda11..4719d15 100644
--- a/roles/scripts/files/proxyFirewall.sh
+++ b/roles/scripts/files/proxyFirewall.sh
@@ -9,10 +9,10 @@ iptables -X
 echo 1 > /proc/sys/net/ipv4/ip_forward
-PORTS_TO_FORWARD_TCP="25 80 110 143 443 465 587 993 995 2224 3478 8008 8448 27015 64738"
-PORTS_TO_FORWARD_UDP="34197 64738"
-DESTINATION_IP="212.83.165.111"
-#DESTINATION_IP="5.9.66.49"
+PORTS_TO_FORWARD_TCP="25 53 80 110 143 443 465 587 993 995 2224 3478 8008 8448 27015 64738"
+PORTS_TO_FORWARD_UDP="53 34197 64738"
+#DESTINATION_IP="212.83.165.111"
+DESTINATION_IP="5.9.66.49"
 for port in `echo $PORTS_TO_FORWARD_TCP`
 do
@@ -25,4 +25,4 @@ do
 iptables -t nat -A PREROUTING -p udp -m udp --dport ${port} -j DNAT --to-destination ${DESTINATION_IP}
 iptables -A FORWARD -d ${DESTINATION_IP}/32 -p tcp -m tcp --dport ${port} -j ACCEPT
 done
-iptables -t nat -A POSTROUTING -j MASQUERADE
\ No newline at end of file
+iptables -t nat -A POSTROUTING -j MASQUERADE
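Review bot: The `Copy ddns config` task in roles/ddns-docker/tasks/main.yml sets no `mode`, `owner` or `directory_mode`, so the compose file that carries `SHARED_SECRET` is written with default permissions. Add `mode: '0600'` and `directory_mode: '0700'` to the `copy` arguments. If the secret is later supplied from a variable, this task has to become a `template` task (or be paired with one), because `copy` does not render Jinja inside the files it copies.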
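Review bot: The UDP port 53 added to `PORTS_TO_FORWARD_UDP` gets a DNAT rule but apparently no matching FORWARD accept, because in the loop body visible in the second hunk the line after the `-p udp` PREROUTING rule is `iptables -A FORWARD ... -p tcp -m tcp --dport ${port} -j ACCEPT`. If that loop iterates `PORTS_TO_FORWARD_UDP` (its `for` line is outside both hunks), UDP DNS only passes when the FORWARD policy is already permissive; the rule should read `iptables -A FORWARD -d ${DESTINATION_IP}/32 -p udp -m udp --dport ${port} -j ACCEPT`. The unconditional `POSTROUTING -j MASQUERADE` also means every forwarded DNS query reaches the backend with the proxy's address, so per-client rate limiting and query logs on the DNS server cannot tell sources apart.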