diff --git a/infra/dns-public.yaml b/infra/dns-public.yaml
new file mode 100644
index 0000000..b3e7255
--- /dev/null
+++ b/infra/dns-public.yaml
@@ -0,0 +1,192 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns-external
+ namespace: kube-system
+data:
+ Corefile: |-
+ lb.homelab.lumpiasty.xyz.:53 {
+ view externalv4 {
+ expr type() in ['A']
+ expr not hasSuffix(name(), '.in-addr.arpa.')
+ }
+ log . {
+ class all
+ }
+ template IN A {
+ answer "{{ .Name }} 60 IN A 139.28.40.212"
+ }
+ }
+ .:53 {
+ # Filter out anything IPv4 related
+ view external {
+ expr type() in ['AAAA', 'SRV', 'PTR']
+ expr not hasSuffix(name(), '.in-addr.arpa.')
+ }
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ log . {
+ class error
+ }
+ # Exposes kubernetes domain names under homelab.lumpiasty.xyz
+ # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
+ kubernetes homelab.lumpiasty.xyz ip6.arpa {
+ pods insecure
+ endpoint_pod_names
+ ttl 30
+ }
+ # Exposes loadbalancer domain names under lb.homelab.lumpiasty.xyz
+ k8s_external lb.homelab.lumpiasty.xyz {
+ ttl 30
+ }
+ # Cache results to reduce stress on apiserver
+ cache 30 {
+ disable success homelab.lumpiasty.xyz
+ disable denial homelab.lumpiasty.xyz
+ }
+ reload
+ loadbalance
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ k8s-app: kube-dns-external
+ kubernetes.io/name: CoreDNS
+ name: coredns-external
+ namespace: kube-system
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ k8s-app: kube-dns-external
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns-external
+ spec:
+ subdomain: kube-dns-external
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: k8s-app
+ operator: In
+ values:
+ - kube-dns
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ containers:
+ - args:
+ - -conf
+ - /etc/coredns/Corefile
+ env:
+ - name: GOMEMLIMIT
+ value: 161MiB
+ image: registry.k8s.io/coredns/coredns:v1.12.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: coredns
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 0
+ memory: 70Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /etc/coredns
+ name: config-volume
+ readOnly: true
+ dnsPolicy: Default
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccount: coredns
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ - effect: NoSchedule
+ key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: Exists
+ volumes:
+ - configMap:
+ defaultMode: 420
+ items:
+ - key: Corefile
+ path: Corefile
+ name: coredns-external
+ name: config-volume
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: kube-system
+ name: kube-dns-external
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ipFamilyPolicy: RequireDualStack
+ selector:
+ k8s-app: kube-dns-external
+ ports:
+ - name: dns
+ port: 53
+ targetPort: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ targetPort: 53
+ protocol: TCP
diff --git a/infra/kustomization.yaml b/infra/kustomization.yaml
index d9f72f9..3a773ad 100644
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
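Review bot: The public-facing `.:53` server block in the Corefile serves the whole `kubernetes homelab.lumpiasty.xyz ip6.arpa` zone — with `pods insecure`, `endpoint_pod_names` and the full `ip6.arpa` reverse zone — behind a `type: LoadBalancer` Service, so, as far as the `view external` expression allows (AAAA, SRV and PTR), anyone who can reach that address can resolve cluster-internal service, endpoint and pod names and reverse-map the cluster's IPv6 ranges. If the goal is only to publish load-balancer names dual-stack, narrow this block to the `k8s_external lb.homelab.lumpiasty.xyz` stanza and drop the `kubernetes` stanza from the external Corefile; if cluster-internal names are meant to be public, at least remove `pods insecure`, `endpoint_pod_names` and `ip6.arpa` and extend the comment above it to say why the exposure is intended. Separately, the Deployment declares `containerPort: 9153` named `metrics`, but the Corefile loads no `prometheus` plugin, so nothing listens on that port; either add `prometheus :9153` to the `.:53` block or drop the port entry. `serviceAccount: coredns` is the deprecated alias of `serviceAccountName`; prefer `serviceAccountName: coredns`.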
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - nginx.yaml
+ - dns-public.yaml