diff --git a/authoritative-dns.nix b/authoritative-dns.nix
index e3266eb..31d8488 100644
--- a/authoritative-dns.nix
+++ b/authoritative-dns.nix
@@ -67,16 +67,21 @@ in {
   imports = [ ./nsd.nix ];
 
   config = mkIf cfg.enable {
-    services.fudo-nsd = {
+    fileSystems."/var/lib/nsd" = {
+      device = cfg.state-directory;
+      options = [ "bind" ];
+    };
+
+    services.nsd = {
       enable = true;
       identity = cfg.identity;
       interfaces = cfg.listen-ips;
-      stateDirectory = cfg.state-directory;
+      # stateDirectory = cfg.state-directory;
       zones = mapAttrs' (dom: domCfg:
         let zoneCfg = domCfg.zone;
         in nameValuePair "${dom}." {
           dnssec = domCfg.ksk.key-file != null;
-          ksk.keyFile = domCfg.ksk.key-file;
+          # ksk.keyFile = domCfg.ksk.key-file;
           data = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
         }) cfg.domains;
     };