diff --git a/roles/server/caddy.nix b/roles/server/caddy.nix
index 439f231..71029b9 100644
--- a/roles/server/caddy.nix
+++ b/roles/server/caddy.nix
@@ -23,9 +23,7 @@ in {
 extraConfig = ''
 (tailscale) {
 tls internal
- # Old tailscale IP
- # bind 100.73.96.48
- bind 100.100.0.1
+ bind 100.73.96.48
 }
 '';
 virtualHosts = {
@@ -47,17 +45,10 @@ in {
 };
 };
 };
- services.headscale.settings.dns_config.extra_records = let
- makeRecords = builtins.map (recordName: {
- name = recordName;
- type = "A";
- value = "100.100.0.1";
- });
- in
- makeRecords [
- manualHostname
- downloadsHostname
- ];
+ services.dnsmasq.settings.cname = [
+ "${manualHostname},everest"
+ "${downloadsHostname},everest"
+ ];
 systemd = {
 services.caddy.after = ["tailscaled.service"];
 # We have somewhat frequent power outages, and our ISP router takes
@@ -67,5 +58,4 @@ in {
 services.caddy.serviceConfig.RestartSec = lib.mkForce "120s";
 };
 programs.rust-motd.settings.service_status.Caddy = "caddy";
- networking.firewall.allowedTCPPorts = [443 80];
 }
diff --git a/roles/server/default.nix b/roles/server/default.nix
index bc1a6ea..d1e29aa 100755
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@@ -11,8 +11,8 @@
 ./ddclient.nix
 ./beep.nix
 ./tailscale.nix
- ./headscale.nix
 ./caddy.nix
+ ./dns.nix
 ./rust_motd.nix
 ./minecraft.nix
 ];
diff --git a/roles/server/dns.nix b/roles/server/dns.nix
new file mode 100644
index 0000000..1e446e5
--- /dev/null
+++ b/roles/server/dns.nix
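Review bot: `bind 100.73.96.48` hard-codes the node's tailscale address, and the same literal reappears in dns.nix (in listen-address and in the everest host-record), so a re-issued tailscale IP now has to be fixed in three places; the comment removed in this hunk shows the address has already changed once. A single `let tailscaleIp = "100.73.96.48"; in` binding (or a small shared option) that the other modules reference would keep them in step. Note also that `services.caddy.after = ["tailscaled.service"]` in the second hunk only orders Caddy after the daemon starts, not after the address is assigned, so an early bind failure on this line presumably relies on the RestartSec retry visible in the third hunk.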
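Review bot: Dropping `networking.firewall.allowedTCPPorts = [443 80];` closes 80/443 on every interface, so Caddy stays reachable only if tailscale0 is a trusted interface or has a per-interface rule in tailscale.nix, which is outside this diff. If any virtualHost with a public hostname remains (headscale's is the one removed in this commit, and ddclient.nix in the default.nix import list suggests a public DNS name still exists), its ACME HTTP-01 challenge on port 80 will now fail behind the firewall. Either way the intent deserves a line here, e.g. `# Caddy is tailscale-only; tailscale0 is trusted in tailscale.nix`, or, if public hosts remain, reopen 80/443 on the WAN interface only.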
@@ -0,0 +1,42 @@
+{...}: {
+ services.dnsmasq = {
+ enable = true;
+
+ # Only using this for tailscale IPs, so better to let tailscale itself deal with it
+ resolveLocalQueries = false;
+
+ settings = {
+ listen-address = ["100.73.96.48"];
+
+ /*
+ Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
+ From the little testing I have done it seems to not cause any issues, but better to be safe
+ than sorry :P
+ */
+ dns-loop-detect = true;
+
+ host-record = [
+ "winmax2,winmax2.tailscale,100.106.73.20"
+ "everest,everest.tailscale,100.73.96.48"
+ "archie,archie.tailscale,100.113.139.93"
+ "steamdeck,steamdeck.tailscale,100.85.48.85"
+ "surfacego,surfacego.tailscale,100.96.92.13"
+ ];
+
+ # If this isn't set a cname that targets a host might return the wrong ip
+ localise-queries = true;
+ ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
+ filter-AAAA = true;
+ domain = "tailscale";
+ domain-needed = true;
+ };
+ };
+
+ programs.rust-motd.settings.service_status.dnsmasq = "dnsmasq";
+
+ # Dnsmasq conflicts with the resolved dns stub listener
+ services.resolved.extraConfig = ''
+ [Resolve]
+ DNSStubListener=no
+ '';
+}
diff --git a/roles/server/forgejo.nix b/roles/server/forgejo.nix
index 52b6847..65fbf83 100644
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@@ -44,14 +44,8 @@ in { }; }; - # Add a record for forgejo - services.headscale.settings.dns_config.extra_records = [ - { - name = "git.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for forgejo + services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for Forgejo services.caddy.virtualHosts.forgejo = {
diff --git a/roles/server/headscale.nix b/roles/server/headscale.nix
deleted file mode 100644
index 4575327..0000000
--- a/roles/server/headscale.nix
+++ /dev/null
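Review bot: dns.nix pins no upstream for dnsmasq, so with `resolveLocalQueries = false` and no `no-resolv` it forwards non-local names to whatever /etc/resolv.conf lists; after this commit that file is presumably still resolved's stub file pointing at the 127.0.0.53 listener that `DNSStubListener=no` just disabled, and the comment above `dns-loop-detect = true` says the other candidate is tailscale's resolver, i.e. this same host. Make the upstream explicit, reusing the nameserver the deleted headscale.nix used: `no-resolv = true;` and `server = ["9.9.9.9"];`, which also turns dns-loop-detect into a safety net rather than the mechanism. Separately, `listen-address` alone makes dnsmasq bind the wildcard and filter in userspace (the very reason it collided with the stub listener); `bind-dynamic = true;` would bind only 100.73.96.48 while still tolerating tailscale0 appearing after boot. Nothing in the hunk opens port 53, so either tailscale0 is trusted in tailscale.nix or peers cannot query this at all; if a rule is added, scope it to that interface (`networking.firewall.interfaces.tailscale0.allowedUDPPorts = [53];`) so the resolver is never reachable from the WAN side.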
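Review bot: `services.dnsmasq.settings.cname = ["git.everest.tailscale,everest"];` is one of four separate definitions of the same list (caddy.nix, this file, syncthing.nix and transmission.nix), which only works because the dnsmasq settings type appears to merge list-valued keys across modules, as the removed extra_records did; a short comment saying so would stop a reader assuming the last definition wins. The `everest` target is also only valid because dns.nix declares it in host-record, a cross-file dependency worth naming, e.g. `# CNAME onto the everest host-record from dns.nix; dnsmasq settings lists merge across modules`. The same applies to the syncthing.nix and transmission.nix hunks.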
@@ -1,24 +0,0 @@
-{...}: {
- services.headscale = {
- enable = true;
- settings = {
- server_url = "https://headscale.toast003.xyz";
- ip_prefixes = [
- "100.100.0.0/16"
- ];
- dns_config = {
- base_domain = "tailscale";
- nameservers = ["9.9.9.9"];
- override_local_dns = true;
- };
- };
- };
- services.caddy = {
- virtualHosts.headscale = {
- hostName = "headscale.toast003.xyz";
- extraConfig = ''
- reverse_proxy localhost:8080
- '';
- };
- };
-}
diff --git a/roles/server/syncthing.nix b/roles/server/syncthing.nix
index 74caa4b..e6409a9 100755
--- a/roles/server/syncthing.nix
+++ b/roles/server/syncthing.nix
@@ -39,14 +39,8 @@ AmbientCapabilities = "CAP_CHOWN CAP_FOWNER"; }; - # Add a record for syncthing - services.headscale.settings.dns_config.extra_records = [ - { - name = "sync.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for syncthing + services.dnsmasq.settings.cname = ["sync.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for syncthing services.caddy.virtualHosts.syncthing = {
diff --git a/roles/server/transmission.nix b/roles/server/transmission.nix
index a1aafdb..e52f286 100755
--- a/roles/server/transmission.nix
+++ b/roles/server/transmission.nix
@@ -37,14 +37,8 @@ in { ''; }; - # Add a record for transmission - services.headscale.settings.dns_config.extra_records = [ - { - name = "transmission.everest.tailscale"; - type = "A"; - value = "100.100.0.1"; - } - ]; + # Add a cname for transmission + services.dnsmasq.settings.cname = ["transmission.everest.tailscale,everest"]; # Set up caddy as the reverse proxy for transmission services.caddy.virtualHosts.transmission = {