diff --git a/roles/geomirror/tasks/main.yml b/roles/geomirror/tasks/main.yml
index 5373cb1c70113cb9e0665129461d630617091c10..55c15d03ab13cb32cd6309f8934f24c67ebbefdd 100644
--- a/roles/geomirror/tasks/main.yml
+++ b/roles/geomirror/tasks/main.yml
@@ -43,5 +43,8 @@
   tags:
     - firewall
 
+- name: open firewall hole
+  ansible.posix.firewalld: service=dns permanent=true state=enabled immediate=yes
+
 - name: start and enable powerdns
   systemd: name=pdns.service enabled=yes daemon_reload=yes state=started