diff --git a/nixos/telperion/configuration.nix b/nixos/telperion/configuration.nix
index dc335db..2b45563 100644
--- a/nixos/telperion/configuration.nix
+++ b/nixos/telperion/configuration.nix
@@ -11,12 +11,16 @@
     ];
 
   sops = {
-    # Mounts unencrypted sops values at /run/secrets/bind/rndc_keys/externaldns accessible by root only by default.
+    # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
     secrets = {
       "bind/rndc-keys/externaldns" = {
         owner = config.users.users.named.name;
         inherit (config.users.users.named) group;
       };
+      "bind/zones/jahanson.tech" = {
+        owner = config.users.users.named.name;
+        inherit (config.users.users.named) group;
+      };
     };
   };
 
@@ -53,7 +57,9 @@
 
   services.bind = {
     enable = true;
-    extraConfig = import ./config/bind.nix {inherit config;};
+    extraConfig = ''
+      import ./config/bind.nix {inherit config;};
+    '';
   };
 
   # Some programs need SUID wrappers, can be configured further or are