diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix
index 8692b17..985a0cb 100644
--- a/hosts/proxy/default.nix
+++ b/hosts/proxy/default.nix
@@ -223,6 +223,43 @@
 "127.0.0.1"
 ];
 listenOnIpv6 = [ ];
+ zones = {
+ "htw.stura-dresden.de" = {
+ master = true;
+ file = pkgs.writeText "htw.stura-dresden.de.zone" ''
+ $TTL 3600
+ @ IN SOA proxy.htw.stura-dresden.de. hostmaster.htw.stura-dresden.de. (
+ 2026031301 ; Serial (YYYYMMDDNN)
+ 3600 ; Refresh (1 hour)
+ 1800 ; Retry (30 minutes)
+ 604800 ; Expire (1 week)
+ 86400 ) ; Minimum TTL (1 day)
+
+ ; Name servers
+ @ IN NS proxy.htw.stura-dresden.de.
+
+ ; Proxy host - main IPv4 gateway
+ proxy IN A 141.56.51.1
+ proxy IN AAAA 2a01:4f8:1c19:96f8::1
+
+ ; Auto-generated CNAME records for all subdomains pointing to proxy
+ ${lib.foldlAttrs (
+ prev: name: value:
+ let
+ zoneSuffix = ".htw.stura-dresden.de";
+ # Check if this domain belongs to our zone
+ isInZone = lib.hasSuffix zoneSuffix value.domain;
+ # Extract subdomain by removing the zone suffix
+ subdomain = lib.removeSuffix zoneSuffix value.domain;
+ in
+ if isInZone && subdomain != "" && subdomain != "htw.stura-dresden.de" then
+ prev + "${subdomain}${" "}IN${" "}CNAME${" "}proxy.htw.stura-dresden.de.\n"
+ else
+ prev
+ ) "" forwards}
+ '';
+ };
+ };
 };
 
 # Chrony NTP server for the internal network
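Review bot: The guard in the CNAME fold never excludes the `proxy` label, and its third test `subdomain != "htw.stura-dresden.de"` cannot be false once `isInZone` holds, because `lib.hasSuffix ".htw.stura-dresden.de"` already rejects the bare apex. If `forwards` (defined outside this hunk, so its contents are not visible here) ever holds an entry whose `domain` is `proxy.htw.stura-dresden.de`, the fold emits a CNAME at a name that also carries the A and AAAA records above; DNS forbids that combination and named would be expected to refuse the zone, so every name in it stops resolving. I would write the condition as `if isInZone && subdomain != "" && subdomain != "proxy" then`. Since `pkgs.writeText` does not validate the generated text, running `named-checkzone` over the file at build time would catch this and any malformed `value.domain` before deployment. Separately, the serial `2026031301` is fixed while the record set is generated from `forwards`, so a comment beside it should say it must be bumped whenever `forwards` changes, otherwise a secondary would keep serving the old records.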