{
  nixosConfigurations,
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib) types;

in
{

  options.dns = {
    enable = lib.mkEnableOption "dns zones via nix";

    # contains dns entries defined on the local host
    zones = lib.mkOption {
      type = types.attrsOf pkgs.dnsNix.types.subzone;
      default = { };
    };

    # contains dns entries defined on the local host and on remote hosts, merged together
    allZones = lib.mkOption {
      type = types.attrsOf pkgs.dnsNix.types.zone;
      default = { };
    };

    zoneFiles = lib.mkOption {
      type = types.attrsOf types.path;
      readOnly = true;
      default = lib.mapAttrs (
        name: zone:
        toString (
          pkgs.writeTextFile {
            name = "${name}.zone";
            text = pkgs.dnsNix.types.zoneToString name (pkgs.dnsNix.evalZone name zone);
          }
        )
      ) config.dns.allZones;
    };
  };

  config = lib.mkIf config.dns.enable {
    # serve records defined in all host configs
    dns.allZones = lib.mkMerge (
      lib.flip lib.mapAttrsToList nixosConfigurations (
        _hostName: machineConfig: machineConfig.config.dns.zones
      )
    );
  };

}