diff --git a/nix/modules/coredns.nix b/nix/modules/coredns.nix
index 8adcd6f..00a008b 100644
--- a/nix/modules/coredns.nix
+++ b/nix/modules/coredns.nix
@@ -229,18 +229,19 @@ in {
 WorkingDirectory = "/";
 # StartLimitIntervalSec = 5;
 StartLimitBurst = 10;
- Restart = lib.mkDefault "always";
+ Restart = lib.mkForce "always";
 RestartSec = 10;
 # PermissionsStartOnly = true;
 ProtectSystem = "strict";
 LimitNOFILE = 1048576;
 LimitNPROC = 512;
 User = usr;
+ DynamicUser = lib.mkForce "no";
 EnvironmentFile = config.sops.templates.corednsEnv.path;
 # LoadCredential = lib.mapAttrsToList (name: path: "${name}:${path}") cfg.credentials;
 DeviceAllow = "";
 LockPersonality = true;
- MemoryDenyWriteExecute = false;
+ MemoryDenyWriteExecute = true;
 NoNewPrivileges = true;
 PrivateDevices = true;
 PrivateTmp = true;
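Review bot: Forcing `DynamicUser` off on the added `DynamicUser = lib.mkForce "no";` line also drops the settings systemd implies when it is on (RemoveIPC=, RestrictSUIDSGID= and ProtectHome=read-only); of the implied set, only ProtectSystem, NoNewPrivileges and PrivateTmp are visible in this hunk. The attribute set continues past the end of the hunk, so if those three are not set further down, add `RemoveIPC = true; RestrictSUIDSGID = true; ProtectHome = true;`. A short comment such as `# static user required: <reason>` would record why `mkForce` is needed here, and the boolean `false` reads more naturally in Nix than the string `"no"`. The new `MemoryDenyWriteExecute = true;` is best paired with `SystemCallArchitectures = "native";`, since the systemd documentation notes that alternative ABIs can otherwise be used to circumvent it.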