diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager
index 182c13b..5c02e57 100644
--- a/ansible/environments/colo/host_vars/mrmanager
+++ b/ansible/environments/colo/host_vars/mrmanager
@@ -27,6 +27,10 @@ jail_list:
     enabled: true
     conf:
       src: admin_git
+  - name: public_dns
+    enabled: true
+    conf:
+      src: public_dns
 bhyve_dataset: zdata/vm
 bhyve_canmount: "on"
 # efi_dev: /dev/gpt/EFI
diff --git a/ansible/roles/jail/files/jails/public_dns.conf b/ansible/roles/jail/files/jails/public_dns.conf
new file mode 100644
index 0000000..b61d23f
--- /dev/null
+++ b/ansible/roles/jail/files/jails/public_dns.conf
@@ -0,0 +1,14 @@
+public_dns {
+    path = "/jail/main/jails/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}
diff --git a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
index a5c9f6d..1502ea1 100644
--- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
+++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
@@ -63,6 +63,11 @@
                         // admin_git
                         "hw-address": "58:9c:fc:10:fc:5a",
                         "ip-address": "10.215.1.210"
+                    },
+                    {
+                        // public_dns
+                        "hw-address": "58:9c:fc:10:ff:80",
+                        "ip-address": "10.215.1.211"
                     }
                 ]
             }