diff --git a/authoritative-dns.nix b/authoritative-dns.nix
index 60bdf1f..183b2ab 100644
--- a/authoritative-dns.nix
+++ b/authoritative-dns.nix
@@ -69,21 +69,21 @@ in {
 imports = [ ./nsd.nix ];
 config = mkIf cfg.enable {
- # services.fudo-nsd = {
- # enable = true;
- # identity = cfg.identity;
- # interfaces = cfg.listen-ips;
- # stateDirectory = cfg.state-directory;
- # zones = mapAttrs' (dom: domCfg:
- # let zoneCfg = domCfg.zone;
- # in nameValuePair "${dom}." {
- # dnssec = zoneCfg.ksk.key-file != null;
- # ksk.keyFile =
- # mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
- # data = let
- # content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
- # in trace content content;
- # }) cfg.domains;
- # };
+ services.fudo-nsd = {
+ enable = true;
+ identity = cfg.identity;
+ interfaces = cfg.listen-ips;
+ stateDirectory = cfg.state-directory;
+ zones = mapAttrs' (dom: domCfg:
+ let zoneCfg = domCfg.zone;
+ in nameValuePair "${dom}." {
+ dnssec = zoneCfg.ksk.key-file != null;
+ ksk.keyFile =
+ mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
+ data = let
+ content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
+ in trace content content;
+ }) cfg.domains;
+ };
 };
 }
diff --git a/nsd.nix b/nsd.nix
index 49d604e..a0dc327 100644
--- a/nsd.nix
+++ b/nsd.nix
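Review bot: The re-enabled `zones` block still carries the debugging binding `data = let content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition; in trace content content;`, which (assuming `trace` here is lib's/builtins' trace) dumps the fully rendered zonefile of every domain to stderr on each evaluation and into any build or deployment log that captures it; the commented-out original had the same `trace`, so uncommenting brought it back unchanged. Replace it with `data = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;`. Separately, `ksk.keyFile = mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;` forwards the KSK location into the nsd module; the option declarations are outside this hunk, so it is worth confirming that `key-file` is a string path on the host rather than a Nix `path` value, since a `path` that later gets interpolated into a derivation would copy the private key into the world-readable store. The `config = mkIf cfg.enable { … }` attribute set closes within the hunk.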
@@ -506,13 +506,6 @@ let ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name} ''; - # signZone = name: zone: '' - # ${dnssecTools}/bin/dnssec-keymgr -g ${dnssecTools}/bin/dnssec-keygen -s ${dnssecTools}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${ - # policyFile name zone.dnssecPolicy - # } ${name} - # ${dnssecTools}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name} - # ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name} - # ''; policyFile = name: policy: pkgs.writeText "${name}.policy" '' zone ${name} { @@ -530,7 +523,6 @@ let }; ''; in { - # options are ordered alphanumerically options.services.fudo-nsd = { enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server"); @@ -930,7 +922,7 @@ in { @ IN SOA a.ns.example.com. admin.example.com. ( ... '''; - }; + }; "example.org." = { data = ''' $ORIGIN example.org. @@ -938,9 +930,9 @@ in { @ IN SOA a.ns.example.com. admin.example.com. ( ... '''; + }; + }; }; - }; - }; "example.net." = { provideXFR = [ "10.3.2.1 NOKEY" ]; @@ -948,7 +940,7 @@ in { ... '''; }; - } + } ''; description = lib.mdDoc '' Define your zones here. Zones can cascade other zones and therefore