diff --git a/hosts/prefect/services/nsd/default.nix b/hosts/prefect/services/nsd/default.nix
index ce18ba5..882c4b6 100644
--- a/hosts/prefect/services/nsd/default.nix
+++ b/hosts/prefect/services/nsd/default.nix
@@ -62,6 +62,14 @@ in {
 provideXFR = provideXFRServers;
 notify = notifyServers;
 };
+ "pyrox.dev" = {
+ # Enable DNSSEC for mrhedge.me
+ ## Disabled until nixpkgs issue #169442 is fixed.
+ dnssec = false;
+ data = dns.toString "pyrox.dev" (import ./pyrox.dev.nix {inherit dns;});
+ provideXFR = provideXFRServers;
+ notify = notifyServers;
+ };
 };
 };
 }
diff --git a/hosts/prefect/services/nsd/pyrox.dev.nix b/hosts/prefect/services/nsd/pyrox.dev.nix
new file mode 100644
index 0000000..93efa46
--- /dev/null
+++ b/hosts/prefect/services/nsd/pyrox.dev.nix
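Review bot: The comment above `dnssec = false;` in the new `"pyrox.dev"` block of default.nix names the wrong zone (mrhedge.me) and says "Enable" while the setting disables signing, so a reader cannot tell whether the unsigned state is intended. I would replace the two comment lines with `# DNSSEC for pyrox.dev is off until nixpkgs issue #169442 is fixed; re-enable and publish the DS record afterwards.` While the zone is unsigned, validating resolvers cannot authenticate the CAA, DMARC and openpgpkey data that pyrox.dev.nix adds, which is worth stating next to the flag. The enclosing attribute set starts above the hunk.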
@@ -0,0 +1,84 @@
+{dns, ...}:
+with dns.combinators; {
+ SOA = {
+ nameServer = "ns1.pyrox.dev.";
+ adminEmail = "me@thehedgehog.me";
+ serial = 2022121601;
+ # Refresh the records every hour
+ refresh = 3600;
+ # If retry fails, retry after 10 minutes
+ retry = 600;
+ # Expire every 2 weeks
+ expire = 14 * 24 * 60 * 60;
+ };
+
+ # Set Primary root records
+ A = ["5.161.140.5"];
+ AAAA = ["2a01:4ff:f0:98bf::1"];
+
+ # Set primary nameserver to my nameserver.
+ NS = [
+ "ns1.pyrox.dev."
+ "ns2.pyrox.dev."
+ "ns2.afraid.org."
+ "ns2.he.net."
+ "ns3.he.net."
+ ];
+
+ TXT = [
+ (with spf; strict [""])
+ # PGP Key fingerprint for Keyoxide
+ "https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"
+ ];
+
+ DKIM = [{selector = "*"; p="";}];
+ ## Set DMARC Policy
+ DMARC = [{
+ p = "reject";
+ sp = "reject";
+ adkim = "strict";
+ aspf = "strict";
+ }];
+
+
+ CAA = letsEncrypt "me@thehedgehog.me";
+
+ subdomains = rec {
+ prefect = host "5.161.140.5" "2a01:4ff:f0:98bf::1";
+
+ ns1.A = ["5.161.140.5"];
+ ns1.AAAA = ["2a01:4ff:f0:98bf::1"];
+ ns2.A = ["5.161.140.5"];
+ ns2.AAAA = ["2a01:4ff:f0:98bf::1"];
+
+ adguard = prefect;
+ auth = prefect;
+ bw = prefect;
+ cache = prefect;
+ dash = prefect;
+ dav = prefect;
+ deemix = prefect;
+ dn42 = prefect;
+ git = prefect;
+ grocy = prefect;
+ hydra = prefect;
+ matrix = prefect;
+ media = prefect;
+ link = prefect;
+ reddit = prefect;
+ rss = prefect;
+ rss-bridge = prefect;
+ sis = host "116.203.62.235" "2a01:4f8:1c1c:9cf3::1";
+ stats = prefect;
+ sync = prefect;
+ todo = prefect;
+ wm = prefect;
+ openpgpkey = prefect;
+
+ # Externally hosted stuff
+ mc.NS = [ "galileo.aternos.org." "columbus.aternos.org." ];
+
+ ## Statuspage, hosted at PikaPods
+ status.CNAME = ["thankful-junglefowl.pikapod.net."];
+ };
+}
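Review bot: The mail-related records (`(with spf; strict [""])`, `DKIM = [{selector = "*"; p="";}];` and the reject DMARC policy) together look like a "this domain sends no mail" setup, but nothing in the file says so, and the empty string passed to `strict` reads like a forgotten placeholder. If that is the intent, I would write `(with spf; strict [])` (assuming the combinator only appends `-all` to the list it is given) and add `# pyrox.dev sends no mail: SPF -all, revoked wildcard DKIM key, DMARC reject` above the TXT list, so a later change that enables mail knows all three must change together. Separately, `mc.NS`, `status.CNAME` and the afraid.org/he.net entries in `NS` hand resolution to third-party services; a short comment on each recording that the zone or target is provisioned under your account would help, because a record left pointing at a deprovisioned target can be claimed by someone else.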