diff --git a/roles/dns-nsd/templates/nsd.conf.j2 b/roles/dns-nsd/templates/nsd.conf.j2
index 4d5ead7..8e6c185 100644
--- a/roles/dns-nsd/templates/nsd.conf.j2
+++ b/roles/dns-nsd/templates/nsd.conf.j2
@@ -1,4 +1,3 @@
-
 {#
 Copyright 2017-present Open Networking Foundation
 
@@ -15,31 +14,30 @@
 limitations under the License.
 #}
 
-
 # nsd.conf
-# configured by Ansible!
+# created by dns-nsd/templates/nsd.conf.j2
 
 server:
   hide-version: yes
 ## bind to a specific address/port
   ip-address: {{ nsd_ip }}
 ## port number
-  port: {{ nsd_port|default(53) }} 
+  port: {{ nsd_port }}
   server-count: 1
   ip4-only: yes
   zonesdir: {{ nsd_zonesdir }}
 
 remote-control:
-  control-enable: no
+  control-enable: yes
 
-# zones to load
+# zonefiles to load
 {% for zone in nsd_zones %}
 zone:
   name: {{ zone.name }}
   zonefile: {{ zone.name }}.forward
 
 zone:
-  name: {{ (zone.ipv4_first_octets ~ ".0") | ipaddr('revdns') | regex_replace('^0\.','') }} 
+  name: {{ zone.cidr | unbound_revdns }}
   zonefile: {{ zone.name }}.reverse
 
 {% endfor %}
diff --git a/roles/dns-nsd/templates/zone.forward.j2 b/roles/dns-nsd/templates/zone.forward.j2
index 613576f..86eae0c 100644
--- a/roles/dns-nsd/templates/zone.forward.j2
+++ b/roles/dns-nsd/templates/zone.forward.j2
@@ -1,4 +1,3 @@
-
 {#
 Copyright 2017-present Open Networking Foundation
 
@@ -15,10 +14,9 @@
 limitations under the License.
 #}
 
-
 ;## NSD authoritative only DNS
 ;## FORWARD Zone
-;# created by ansible
+;# created by dns-nsd/templates/zone.forward.j2
 
 $ORIGIN {{ item.name }}. ; default zone domain
 $TTL {{ item.ttl | default(dns_ttl) }} ; default time to live
@@ -37,9 +35,6 @@
 {% endfor %}
 
 ;A and CNAME records
-{% if name_on_public_interface is defined %}
-{{ name_on_public_interface }}    IN    A    {{ ansible_default_ipv4.address }}
-{% endif %}
 {% if item.aliases is defined %}
 {% for alias in item.aliases %}
 {{ alias.name }}    IN    CNAME    {{ alias.dest }}
@@ -50,7 +45,7 @@
 ; Created from nodelist: {{ nodelist }}
 {% set nodes = vars[nodelist] %}
 {% for node in nodes %}
-{{ node.name }}    IN    A    {{ item.ipv4_first_octets ~ "." ~ node.ipv4_last_octet }}
+{{ node.name }}    IN    A    {{ item.cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address') }}
 {% if node.aliases is defined %}
 {% for alias in node.aliases %}
 {{ alias }}    IN    CNAME    {{ node.name }}
diff --git a/roles/dns-nsd/templates/zone.reverse.j2 b/roles/dns-nsd/templates/zone.reverse.j2
index 1ddf7ba..fdfd73f 100644
--- a/roles/dns-nsd/templates/zone.reverse.j2
+++ b/roles/dns-nsd/templates/zone.reverse.j2
@@ -1,4 +1,3 @@
-
 {#
 Copyright 2017-present Open Networking Foundation
 
@@ -15,7 +14,6 @@
 limitations under the License.
 #}
 
-
 ;## NSD authoritative only DNS
 ;## REVERSE Zone for {{ item.name }}
 ;# created by ansible
@@ -23,7 +21,7 @@
 $ORIGIN {{ item.name }}. ; default zone domain
 $TTL {{ item.ttl | default(dns_ttl) }} ; default time to live
 
-{{ (item.ipv4_first_octets ~ ".0") | ipaddr('revdns') | regex_replace('^0\.','') }} IN SOA {{ item.soa }}.{{ item.name }}. admin.{{ item.name }}. (
+{{ item.cidr | unbound_revdns }} IN SOA {{ item.soa }}.{{ item.name }}. admin.{{ item.name }}. (
          {{ item.serial | default(ansible_date_time.epoch) }}   ; Serial, must be incremented every time you change this file
          3600        ; Refresh [1hr]
          600         ; Retry [10m]
@@ -37,7 +35,7 @@
 ; Created from nodelist: {{ nodelist }}
 {% set nodes = vars[nodelist] %}
 {% for node in nodes %}
-{{ (item.ipv4_first_octets ~ "." ~ node.ipv4_last_octet) | ipaddr('revdns') }} IN PTR {{ node.name }}
+{{ item.cidr | ipaddr(node.ipv4_last_octet) | ipaddr('revdns') }} IN PTR {{ node.name }}
 {% endfor %}
 {% endfor %}