diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8073159
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+# DNS Records des Natenom e. V.
+
+## Zone-Dateien generieren
+
+Nach jeder Änderung sollen die Zonen-Dateien generiert werden.
+Das ist besonders einfach mit der Bash-Funktion `generate-zone-file [domain]`
+in der Nix-DevShell (`nix develop`) möglich.
+
+Diese führt im Hintergrund folgendes aus (Beispiel):
+
+```
+dnscontrol get-zone --format=zone --out natenom.org.zone desec - natenom.org
+```
diff --git a/dnsconfig.js b/dnsconfig.js
index 7d8c6ec..a1a3c77 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -1,6 +1,12 @@ var DNS_DESEC = NewDnsProvider("desec"); var REG_NONE = NewRegistrar("none"); +// Records +var A_NATENOM_MAIN = function (name) { return A(name, "188.245.198.27") }; +var AAAA_NATENOM_MAIN = function (name) { return AAAA(name, "2a01:4f8:c013:3235::1") }; +var CAA_DEFAULT = CAA("@", "issue", "letsencrypt.org"); + +// Addresses var NATENOM_MAIN = "natenom-main.natenom.org."; var WEBSYNTHESIS_MX = "mx.websynthesis.org.";
diff --git a/domains/kagube.de.js b/domains/kagube.de.js
new file mode 100644
index 0000000..0c0ffa1
--- /dev/null
+++ b/domains/kagube.de.js
@@ -0,0 +1,12 @@
+D("kagube.de", REG_NONE, DnsProvider(DNS_DESEC),
+ DefaultTTL("1h"),
+ NAMESERVER_TTL("1h"),
+
+ A_NATENOM_MAIN("@"),
+ A_NATENOM_MAIN("www"),
+
+ AAAA_NATENOM_MAIN("@"),
+ AAAA_NATENOM_MAIN("www"),
+
+ CAA_DEFAULT,
+);
diff --git a/domains/natenom.com.js b/domains/natenom.com.js
new file mode 100644
index 0000000..b47f4a1
--- /dev/null
+++ b/domains/natenom.com.js
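Review bot: `CAA_DEFAULT` in dnsconfig.js restricts issuance to Let's Encrypt but not to a particular ACME account, and it publishes no `iodef` contact for CAs to report rejected requests. If all certificates for these zones come from one account, the RFC 8657 parameter can be added, e.g. `CAA("@", "issue", "letsencrypt.org; accounturi=<ACME_ACCOUNT_URL>")` (placeholder value), so that a different Let's Encrypt account cannot obtain certificates for these names. The two address helpers would also benefit from a one-line comment naming the host the literals belong to, such as `// natenom-main: single web host shared by all zones`, since a change of that server now silently affects every zone that calls them.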
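Review bot: The kagube.de zone publishes web records only and carries no SPF or DMARC policy, so receivers have nothing telling them to reject mail forged with a kagube.de sender; natenom.name.js has the same gap. If these domains never send mail (the hunk shows no MX, so this is assumed), adding `TXT("@", "v=spf1 -all"),` and `TXT("_dmarc", "v=DMARC1; p=reject"),` states that explicitly. A short comment above the two lines saying the domain is web-only would keep a later maintainer from loosening the policy by accident.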
@@ -0,0 +1,22 @@
+D("natenom.com", REG_NONE, DnsProvider(DNS_DESEC),
+ DefaultTTL("1h"),
+ NAMESERVER_TTL("1h"),
+
+ A_NATENOM_MAIN("@"),
+ A_NATENOM_MAIN("bn"),
+ A("mail", "94.16.117.219"),
+
+ AAAA_NATENOM_MAIN("@"),
+ AAAA_NATENOM_MAIN("bn"),
+ AAAA("mail", "2a03:4000:29:168::1"),
+
+ CAA_DEFAULT,
+
+ CNAME("blog", "bn"),
+ CNAME("m", "mumble"),
+ CNAME("mumble", "talk.cozy.town."),
+ CNAME("wiki", "bn"),
+ CNAME("www", "bn"),
+
+ MX("@", 10, "mail"),
+);
diff --git a/domains/natenom.de.js b/domains/natenom.de.js
new file mode 100644
index 0000000..fed5020
--- /dev/null
+++ b/domains/natenom.de.js
@@ -0,0 +1,24 @@
+D("natenom.de", REG_NONE, DnsProvider(DNS_DESEC),
+ DefaultTTL("1h"),
+ NAMESERVER_TTL("1h"),
+
+ A_NATENOM_MAIN("@"),
+ A_NATENOM_MAIN("bn"),
+ A("mail", "94.16.117.219"),
+
+ AAAA_NATENOM_MAIN("@"),
+ AAAA_NATENOM_MAIN("bn"),
+ AAAA("mail", "2a03:4000:29:168::1"),
+
+ CAA_DEFAULT,
+
+ CNAME("comments", "bn"),
+ CNAME("f", "bn"),
+ CNAME("m", "mumble"),
+ CNAME("mumble", "talk.cozy.town."),
+ CNAME("wiki", "bn"),
+ CNAME("wikiarchiv", "bn"),
+ CNAME("www", "bn"),
+
+ MX("@", 10, "mail"),
+);
diff --git a/domains/natenom.name.js b/domains/natenom.name.js
new file mode 100644
index 0000000..0cb5b97
--- /dev/null
+++ b/domains/natenom.name.js
@@ -0,0 +1,10 @@
+D("natenom.name", REG_NONE, DnsProvider(DNS_DESEC),
+ DefaultTTL("1h"),
+ NAMESERVER_TTL("1h"),
+
+ A_NATENOM_MAIN("@"),
+ A_NATENOM_MAIN("www"),
+
+ AAAA_NATENOM_MAIN("@"),
+ AAAA_NATENOM_MAIN("www"),
+);
diff --git a/domains/natenom.org.js b/domains/natenom.org.js
index b1bcf7e..dca68b7 100644
--- a/domains/natenom.org.js
+++ b/domains/natenom.org.js
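Review bot: natenom.com declares `MX("@", 10, "mail")` but no SPF or DMARC record, so the domain accepts mail while giving receivers no policy for messages forged in its name; natenom.de.js repeats the same record set and the same gap. Assuming `mail` is the only legitimate sender, `TXT("@", "v=spf1 mx -all"),` and `TXT("_dmarc", "v=DMARC1; p=quarantine"),` next to the MX line would close it, matching the SPF that the generated natenom.org.zone already shows. Separately, `CNAME("mumble", "talk.cozy.town.")` points at a host outside these zones; a comment naming who operates that target would make it easier to notice and remove the alias if the target is ever given up.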
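Review bot: natenom.name is the only zone added in this commit that does not include `CAA_DEFAULT`, so certificate issuance for it stays open to every CA while the sibling zones are limited to Let's Encrypt. Unless the omission is deliberate, add `CAA_DEFAULT,` after the `AAAA_NATENOM_MAIN("www"),` line; if it is deliberate, a comment such as `// no CAA: <reason>` would record why.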
@@ -2,11 +2,13 @@ D("natenom.org", REG_NONE, DnsProvider(DNS_DESEC), DefaultTTL("1h"), NAMESERVER_TTL("1h"), - A("@", "188.245.198.27"), - A("natenom-main", "188.245.198.27"), + A_NATENOM_MAIN("@"), + A_NATENOM_MAIN("natenom-main"), - AAAA("@", "2a01:4f8:c013:3235::1"), - AAAA("natenom-main", "2a01:4f8:c013:3235::1"), + AAAA_NATENOM_MAIN("@"), + AAAA_NATENOM_MAIN("natenom-main"), + + CAA_DEFAULT, CNAME("dev", "@"), CNAME("www", "@"),
diff --git a/flake.nix b/flake.nix
index cdf082f..b3ee75f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,6 +6,7 @@ self, }: let pkgs = nixpkgs; + lib = pkgs.lib; mkAllSystems = lib.genAttrs [ "aarch64-darwin"
@@ -14,26 +15,41 @@ "x86_64-darwin" "x86_64-linux" ]; - - inherit (pkgs) lib; in { formatter = mkAllSystems (system: pkgs.legacyPackages.${system}.alejandra); devShells = mkAllSystems (system: let pkgs = nixpkgs.legacyPackages.${system}; - - inherit (pkgs) mkShell; - in rec { - default = mkShell { + in { + default = pkgs.mkShell { nativeBuildInputs = [pkgs.dnscontrol]; - shellHook = '' - echo "Bitte einen deSEC-Auth-Token eingeben:" - read -rs DESEC_AUTH_TOKEN - export DESEC_AUTH_TOKEN - ''; + shellHook = + # Auth Token + '' + echo "Bitte einen deSEC-Auth-Token eingeben:" + read -rs DESEC_AUTH_TOKEN + export DESEC_AUTH_TOKEN + '' + # Mini-Anleitung + + '' + echo "" + echo "Prüfen: dnscontrol preview" + echo "Ausrollen: dnscontrol push" + echo "Zone-Dateien generieren: generate-zone-file [domain]" + echo "" + '' + # Zonen-Datei generieren + + '' + generate-zone-file () { + if [[ "$1" != "" ]]; then + dnscontrol get-zone --format=zone --out $1.zone' desec - $1 + else + echo "Bitte eine valide Domain eingeben" + fi + }; + ''; }; }); }; } -
diff --git a/kagube.de.zone b/kagube.de.zone
new file mode 100644
index 0000000..d292585
--- /dev/null
+++ b/kagube.de.zone
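Review bot: In the second flake.nix hunk, the `dnscontrol get-zone` line inside `generate-zone-file` has a stray `'` after `$1.zone`, which bash will read as the start of an unterminated single-quoted string, so the shellHook is likely to fail to parse. On the same line `$1` is unquoted, so an argument containing spaces or glob characters is split or expanded before it reaches `--out`. Writing it as `dnscontrol get-zone --format=zone --out "$1.zone" desec - "$1"` fixes both. The guard only tests for a non-empty argument although the message asks for a valid domain; a check such as `[[ "$1" =~ ^[A-Za-z0-9.-]+$ ]]` would also stop values like `../x` from steering the output path outside the repository.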
@@ -0,0 +1,10 @@
+$ORIGIN kagube.de.
+$TTL 3600
+@ IN NS ns1.desec.io.
+ IN NS ns2.desec.org.
+ IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+ IN CAA 0 issue "letsencrypt.org"
+www IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+
diff --git a/natenom.com.zone b/natenom.com.zone
new file mode 100644
index 0000000..a6b273b
--- /dev/null
+++ b/natenom.com.zone
@@ -0,0 +1,18 @@
+$ORIGIN natenom.com.
+$TTL 3600
+@ IN NS ns1.desec.io.
+ IN NS ns2.desec.org.
+ IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+ IN MX 10 mail.natenom.com.
+ IN CAA 0 issue "letsencrypt.org"
+blog IN CNAME bn.natenom.com.
+bn IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+m IN CNAME mumble.natenom.com.
+mail IN A 94.16.117.219
+ IN AAAA 2a03:4000:29:168::1
+mumble IN CNAME talk.cozy.town.
+wiki IN CNAME bn.natenom.com.
+www IN CNAME bn.natenom.com.
+
diff --git a/natenom.de.zone b/natenom.de.zone
new file mode 100644
index 0000000..5532da1
--- /dev/null
+++ b/natenom.de.zone
@@ -0,0 +1,20 @@
+$ORIGIN natenom.de.
+$TTL 3600
+@ IN NS ns1.desec.io.
+ IN NS ns2.desec.org.
+ IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+ IN MX 10 mail.natenom.de.
+ IN CAA 0 issue "letsencrypt.org"
+bn IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+comments IN CNAME bn.natenom.de.
+f IN CNAME bn.natenom.de.
+m IN CNAME mumble.natenom.de.
+mail IN A 94.16.117.219
+ IN AAAA 2a03:4000:29:168::1
+mumble IN CNAME talk.cozy.town.
+wiki IN CNAME bn.natenom.de.
+wikiarchiv IN CNAME bn.natenom.de.
+www IN CNAME bn.natenom.de.
+
diff --git a/natenom.name.zone b/natenom.name.zone
new file mode 100644
index 0000000..ec327dc
--- /dev/null
+++ b/natenom.name.zone
@@ -0,0 +1,9 @@
+$ORIGIN natenom.name.
+$TTL 3600
+@ IN NS ns1.desec.io.
+ IN NS ns2.desec.org.
+ IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+www IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+
diff --git a/natenom.org.zone b/natenom.org.zone
new file mode 100644
index 0000000..5d3fb42
--- /dev/null
+++ b/natenom.org.zone
@@ -0,0 +1,26 @@
+$ORIGIN natenom.org.
+$TTL 3600
+@ IN NS ns1.desec.io.
+ IN NS ns2.desec.org.
+ IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+ IN MX 0 mx.websynthesis.org.
+ IN TXT "v=spf1 mx a -all"
+ IN CAA 0 issue "letsencrypt.org"
+dkim._domainkey IN TXT "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/pwZeHei9J55sOLsdTNb7DHEAICcsGNzFQJV7cTXIbWW6fTmUx4Fnaf9vgcPSEOZH0nPDPzMQfc05mcAIhbSaygIoRhvg8CJvZorW0FLXxBSpvXmwfH6mS/wxrdbPR+2NvbArOyLGAwcE8h3g5UVzchvm8Di1DNU6XXYCxXaMHYv4tl03WBM9U" "PqMd1U0QfXgzyzPNvtjIEe1Hrm96xAyJ9BjrZQJC2KsET/vKY0LjmdAi8Cvt6pO+pjzqGOTTekwL2MsdTYObv75xmubL27O7viLO/ekxPpHGBxXRrsPd07el+yF9tKEj2VTK3pPOGbX/fXtA4HxEZz4sE4U4hZQIDAQAB"
+_autodiscover._tcp IN SRV 0 0 443 mx.websynthesis.org.
+archive IN CNAME natenom-main.natenom.org.
+autoconfig IN CNAME mx.websynthesis.org.
+autodiscover IN CNAME mx.websynthesis.org.
+ci IN CNAME natenom-main.natenom.org.
+dev IN CNAME natenom.org.
+git IN CNAME natenom-main.natenom.org.
+m IN CNAME mumble.natenom.de.
+mumble IN CNAME mumble.natenom.de.
+natenom-main IN A 188.245.198.27
+ IN AAAA 2a01:4f8:c013:3235::1
+pad IN CNAME natenom-main.natenom.org.
+status IN CNAME cozytown-status.cozy.town.
+up IN CNAME cozytown-status.cozy.town.
+www IN CNAME natenom.org.
+