diff --git a/roles/mail/templates/docker-compose.yml.j2 b/roles/mail/templates/docker-compose.yml.j2
index 7a7c664..08524e4 100644
--- a/roles/mail/templates/docker-compose.yml.j2
+++ b/roles/mail/templates/docker-compose.yml.j2
@@ -45,4 +45,6 @@ services:
       - POSTMASTER_ADDRESS={{ postmaster_email }}
     dns:
       - {{ nameserver_ip }}
+    extra_hosts:
+      - "lldap.internal.simponic.xyz:{{ johan_ip }}"
     restart: always
diff --git a/roles/vpn/templates/config.yml.j2 b/roles/vpn/templates/config.yml.j2
index 64e00fb..88393a2 100644
--- a/roles/vpn/templates/config.yml.j2
+++ b/roles/vpn/templates/config.yml.j2
@@ -177,7 +177,8 @@ dns_config:
 
   # List of DNS servers to expose to clients.
   nameservers:
-    - {{ nameserver_ip }}
+    - 1.1.1.1
+    - 1.0.0.1
 
   # NextDNS (see https://tailscale.com/kb/1218/nextdns/).
   # "abc123" is example NextDNS ID, replace with yours.
@@ -200,8 +201,12 @@ dns_config:
   #   darp.headscale.net:
   #     - 1.1.1.1
   #     - 8.8.8.8
+  restricted_nameservers:
+    internal.simponic.xyz:
+      - {{ nameserver_ip }}
+    hatecomputers.club:
+      - {{ nameserver_ip }}
 
-  # Search domains to inject.
   domains: ['simponic.xyz', 'internal.simponic.xyz']
 
   # Extra DNS records