diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index 653e5e1dfac9247946464bfa4601951a81805bf0..d3d8d00f541fee618f364d42a58e2b38ad45eb56 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -1,4 +1,36 @@
 ---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: blocky-config
+  namespace: dns
+data:
+  config.yaml: |
+    ports:
+      dns: 53
+      tls: 853
+      https: 443
+      http: 4000
+    upstreams:
+      groups:
+        default:
+          - https://dns.quad9.net/dns-query
+    bootstrapDns:
+      - https://1.1.1.1/dns-query
+      - tcp+udp:9.9.9.9
+    startVerifyUpstream: true
+    caching:
+      minTime: 5m
+      maxItemsCount: 262144
+      prefetching: true
+      prefetchMaxItemsCount: 131072
+    prometheus:
+      enable: true
+    fqdnOnly:
+      enable: true
+    certFile: /etc/pki/dnsproxy/tls.crt
+    keyFile: /etc/pki/dnsproxy/tls.key
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
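Review bot: `http: 4000` and `https: 443` in the embedded config open blocky's HTTP listeners, which as far as I know serve the REST API and Prometheus metrics alongside DoH, and no authentication is configured here. If the Service or ingress for this Deployment (not visible in the diff) forwards 443 for DoH, the API paths are probably reachable on it too, so restrict them at the ingress or with a NetworkPolicy and keep 4000 cluster-internal. I would add a comment above `ports:`, e.g. `# http/https also serve the REST API and metrics; only 53/853 and the DoH path should be client-reachable`. Separately, 443 is a newly bound privileged port for a container that runs as UID 1000, and whether it can bind depends on the capabilities set outside this hunk.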
@@ -17,20 +49,10 @@ spec:
     spec:
       containers:
         - name: dnsproxy
-          image: quay.io/sheogorath/dnsproxy:0.54.0
+          image: ghcr.io/0xerr0r/blocky:v0.22
           args:
-            - /dnsproxy
-            - --upstream=https://dns.quad9.net/dns-query
-            - --bootstrap=9.9.9.9
-            - --cache
-            # 96Mi
-            - --cache-size=100663296
-            - --cache-min-ttl=300
-            - --cache-optimistic
-            # Enable DoT
-            - --tls-port=853
-            - --tls-crt=/etc/pki/dnsproxy/tls.crt
-            - --tls-key=/etc/pki/dnsproxy/tls.key
+            - --config
+            - /etc/blocky/config.yaml
           env:
             - name: GOMEMLIMIT
               valueFrom:
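Review bot: The new `image: ghcr.io/0xerr0r/blocky:v0.22` is a mutable tag from a different registry and publisher than before, so what actually runs depends on whatever that tag points to at pull time. Pin it by digest, e.g. `image: ghcr.io/0xerr0r/blocky:v0.22@sha256:<digest-of-the-reviewed-image>` (placeholder; fill in the digest you verified). The container is still named `dnsproxy` and the certificates still mount under `/etc/pki/dnsproxy`; if those names are kept on purpose for compatibility, a one-line comment saying so would prevent confusion later.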
@@ -58,6 +80,8 @@ spec:
             - name: tls-secret
               mountPath: "/etc/pki/dnsproxy"
               readOnly: true
+            - name: config
+              mountPath: "/etc/blocky/"
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
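Review bot: The added `config` mount omits `readOnly: true`, unlike the `tls-secret` mount directly above it. ConfigMap volumes are mounted read-only by the kubelet anyway, so this is about stating intent and keeping the two mounts consistent: add `readOnly: true` under `mountPath: "/etc/blocky/"`. The volumeMounts list starts outside this hunk.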
@@ -69,6 +93,10 @@ spec:
           secret:
             secretName: ingress-dns-tls
             optional: false
+        - name: config
+          configMap:
+            name: blocky-config
+            optional: false
       securityContext:
         runAsNonRoot: true
         runAsUser: 1000
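Review bot: Nothing ties the pod template to the contents of `blocky-config`, so a later ConfigMap edit (upstreams, certificate paths) updates the mounted file but, unless blocky reloads its config on its own, running pods keep the old settings until they are restarted. Consider a pod-template annotation such as `checksum/config: "<hash-of-config.yaml>"` (placeholder) or a generated ConfigMap name, so that a config change triggers a rollout. The pod template metadata is outside this hunk.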