diff --git a/hieradata/roles/infra/dns/master.yaml b/hieradata/roles/infra/dns/master.yaml
index 84ed6cc..e9b81b7 100644
--- a/hieradata/roles/infra/dns/master.yaml
+++ b/hieradata/roles/infra/dns/master.yaml
@@ -1,8 +1,6 @@
 ---
-profiles::dns::master::nameservers:
- - prodinf01n23.main.unkin.net
- - prodinf01n24.main.unkin.net
-
+profiles::dns::master::ns_role: roles::infra::dns::master
+profiles::dns::master::use_ns: region
 profiles::dns::master::acls:
 acl-main.unkin.net:
 addresses:
diff --git a/site/profiles/manifests/dns/master.pp b/site/profiles/manifests/dns/master.pp
index a66b665..440325e 100644
--- a/site/profiles/manifests/dns/master.pp
+++ b/site/profiles/manifests/dns/master.pp
@@ -1,6 +1,5 @@
 # profiles::dns::master authoritative service
 class profiles::dns::master (
- Array[String] $nameservers,
 Stdlib::AbsolutePath $basedir,
 Hash $acls = {},
 Hash $zones = {},
@@ -13,8 +12,27 @@ class profiles::dns::master (
 String $owner = 'root',
 String $group = 'named',
 Boolean $dnssec = false,
+ Variant[String, Undef] $ns_role = undef,
+ Enum['all', 'region', 'country'] $use_ns = 'all',
 ){
+ # if ns_role is set, find all hosts matching that enc_role, otherwise use the current host
+ $nameservers_array = $ns_role ? {
+ undef => [$facts['networking']['fqdn']],
+ default => $use_ns ? {
+ 'all' => query_nodes("enc_role='${ns_role}'", 'networking.fqdn'),
+ 'region' => query_nodes("enc_role='${ns_role}' and region=${facts['region']}", 'networking.fqdn'),
+ 'country' => query_nodes("enc_role='${ns_role}' and country=${facts['country']}", 'networking.fqdn'),
+ }
+ }
+
+ # if nameservers is empty, use the current host, otherwise use nameservers_array as nameservers
+ $nameservers = empty($nameservers_array) ? {
+ true => [$facts['networking']['fqdn']],
+ false => $nameservers_array,
+ default => [$facts['networking']['fqdn']],
+ }
+
 class {'profiles::dns::server':
 acls => $acls,
 zones => $zones,
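Review bot: In the `@@ -13,8 +12,27 @@` hunk of master.pp, the `'region'` and `'country'` branches interpolate `${facts['region']}` and `${facts['country']}` into the query unquoted, unlike `enc_role='${ns_role}'`, so a missing fact or a value that is not a bare word will likely produce a malformed or differently parsed query. Quote them the same way, e.g. `'region' => query_nodes("enc_role='${ns_role}' and region='${facts['region']}'", 'networking.fqdn'),` and likewise for `country`. The published NS set now also depends on what nodes report to PuppetDB: if `enc_role` is an agent-supplied fact rather than a value bound to the node's certificate, any node able to report that role would be listed as a nameserver for every zone, so it is worth confirming where that value comes from. The fallback to the local FQDN on an empty result is silent and would hide a PuppetDB or query problem; a `warning("no nameservers found for ${ns_role}, using local fqdn")` on the `true` branch would make that visible, and the `default` arm of that boolean selector is redundant.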
@@ -37,7 +55,7 @@ class profiles::dns::master (
 profiles::dns::zone { $name:
 zone => $data['domain'],
 basedir => $basedir,
- nameservers => $nameservers,
+ nameservers => sort($nameservers),
 owner => $owner,
 group => $group,
 before => Bind::Zone[$name]
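Review bot: The `sort()` on `nameservers => sort($nameservers),` has no comment saying why it is there, and it is applied only at this one use site. A short comment such as `# sorted so the rendered zone does not change when PuppetDB returns nodes in a different order` would record the intent. If `$nameservers` is read anywhere else in the class, sorting once where it is assigned would keep every consumer consistent. The `profiles::dns::zone` declaration starts and ends outside this hunk, so other uses cannot be checked from here.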