diff --git a/defaults/main.yml b/defaults/main.yml
index 9512918..380b745 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,8 +1,12 @@
 ---
 # defaults file for roles/powerdns-recursor
-powerdns_version: 49
-deb_powerdns_version: =4.9.*
-repo_uri: http://repo.powerdns.com/debian
+powerdns_version: "{{ powerdns_recursor.version | default(49) }}"
+deb_powerdns_version: "{{ powerdns_recursor.deb_version | default('=4.9.*') }}"
+repo_uri: "{{ powerdns_recursor.repo_uri | default('http://repo.powerdns.com/debian') }}"
 repo_components: "{{ ansible_distribution_release }}-rec-{{ powerdns_version }} main"
 repo_signed_key: "rec-{{ powerdns_version }}-pub.asc"
 repo_state: "{{ powerdns_recursor__state }}"
+forward_lst: "{{ powerdns_recursor.forward_lst | default ([]) }}"
+# domain: auth_server_ip
+nta_lst: "{{ powerdns_recursor.nta_lst | default([]) }}"
+root_cached: "{{ powerdns_recursor.root_cached | default('file') }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 0cb4199..8ea42de 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,11 +3,18 @@
 - name: "add powerdns-recursor repository"
 become: true
 block:
- - name: "powerdns repo apt key"
+ - name: Check if powerdns repo apt key exists
+ stat:
+ path: "/etc/apt/trusted.gpg.d/{{ repo_signed_key }}"
+ register: key_stat
+ ignore_errors: yes
+
+ - name: Download powerdns repo apt key if needed
 become: true
 get_url:
 url: https://repo.powerdns.com/FD380FBB-pub.asc
 dest: "/etc/apt/trusted.gpg.d/{{ repo_signed_key }}"
+ when: key_stat.stat.exists == False or key_stat.stat.checksum != 'sha256:checksum_of_the_source_key'
 - name: "powerdns-recursor {{ powerdns_version }} repo"
 become: true
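Review bot: `repo_uri` keeps `http://repo.powerdns.com/debian` as its default even though the role now makes it overridable, so apt metadata and .deb downloads default to plaintext while the signing key in tasks/main.yml is fetched from the same host over HTTPS. Apt's signature check still protects the package payload, but HTTPS removes the plaintext exposure and the tampering surface on anything apt does not sign, at no cost; I would change the default to `default('https://repo.powerdns.com/debian')`. Separately, `forward_lst` is iterated with `.items()` in forward.lst.j2 and the comment documents it as `domain: auth_server_ip`, so its default should be a mapping, `default({})`, not `default ([])` (the stray space before the parenthesis is worth removing too, even if Jinja tolerates it). A one-line comment above each new variable naming its expected shape would make the `powerdns_recursor.*` dictionary self-documenting for operators.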
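Review bot: The `when:` guard on the key download compares `key_stat.stat.checksum` with the literal placeholder `'sha256:checksum_of_the_source_key'`; `stat` returns a bare hex digest (SHA-1 unless `checksum_algorithm` is set), so the comparison is always unequal, the key is re-downloaded on every run, and nothing ever verifies what was downloaded. The stronger and idiomatic fix is to drop the stat task and the `when:` and let `get_url` do both jobs: `checksum: "sha256:<digest of FD380FBB-pub.asc>"` makes the task idempotent and fails the play if the fetched key does not match the pinned value. If the stat step is kept anyway, `ignore_errors: yes` is unnecessary (stat does not fail on a missing path) and `== False` should be written `not key_stat.stat.exists`. Note also that the key lands in `trusted.gpg.d`, where apt trusts it for every configured repository; scoping it with `signed-by=` on the repository line would limit that trust, but that line is outside this hunk.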
@@ -31,12 +38,13 @@
 get_url:
 url: https://www.internic.net/domain/root.zone
 dest: /etc/powerdns/root.zone
+ when: root_cached == 'file'
 - name: "template powerdns-recursor configs"
 become: true
 template:
- src: "templates{{ item }}.j2"
- dest: "{{ item }}"
+ src: "templates{{ file }}.j2"
+ dest: "{{ file }}"
 owner: root
 group: root
 mode: 0644
@@ -46,5 +54,7 @@
 - /etc/powerdns/recursor.d/allow.lst
 - /etc/powerdns/recursor.d/forward.lst
 - /etc/powerdns/recursor.d/dns-script.lua
+ loop_control:
+ loop_var: file
 notify:
 - Restart powerdns-recursor
diff --git a/templates/etc/powerdns/recursor.d/dns-script.lua.j2 b/templates/etc/powerdns/recursor.d/dns-script.lua.j2
index 2b9e881..dc23cb5 100644
--- a/templates/etc/powerdns/recursor.d/dns-script.lua.j2
+++ b/templates/etc/powerdns/recursor.d/dns-script.lua.j2
@@ -2,7 +2,9 @@
 -- WARNING: auto-generated by Ansible powerdns-recursor role.
 --
 self = newDS()
-self:add{'{{ ansible_hostname }}', '{{ ansible_hostname }}.mm', '{{ ansible_fqdn }}'}
+self:add{'{{ ansible_hostname }}', '{{ ansible_fqdn }}'{%- for fqdn in powerdns_recursor__self_add | default([]) %}
+{% if loop.first %}, {% endif %}'{{ fqdn }}'{% if not loop.last %}, {% endif %}
+{%- endfor %}}
 function string.starts(String,Start)
 return string.sub(String,1,string.len(Start))==Start
diff --git a/templates/etc/powerdns/recursor.d/forward.lst.j2 b/templates/etc/powerdns/recursor.d/forward.lst.j2
index 386df6a..356173f 100644
--- a/templates/etc/powerdns/recursor.d/forward.lst.j2
+++ b/templates/etc/powerdns/recursor.d/forward.lst.j2
@@ -1,5 +1,8 @@
 #
 # WARNING: auto-generated by Ansible powerdns-recursor role.
 #
-mm=172.31.122.10
-miranda-media.net=172.31.122.10
+{% if forward_lst is defined and forward_lst | length > 0 %}
+{% for zone, auth_server in forward_lst.items() %}
+{{ zone }}={{ auth_server }}
+{% endfor %}
+{% endif %}
\ No newline at end of file
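Review bot: The root.zone download that `when: root_cached == 'file'` now guards relies on `get_url` defaults, so with `force` unset the file is fetched only while `/etc/powerdns/root.zone` does not yet exist, and the context line `refreshPeriod = 0` in recursor.lua.j2 means the recursor never re-reads it either; the priming copy of the root zone can therefore go stale indefinitely (root-server address changes would not be picked up until someone deletes the file). Either add `force: true` to this task so every run refreshes the file, or document the operator's refresh duty in a comment next to it; the task's header lines are above the hunk, so I cannot see whether it carries a `notify` to restart the recursor after a refresh. `root_cached` itself is only ever compared with `'file'`, and the template treats any other value as URL mode, so a typo such as `File` silently changes how the root zone is obtained; an `ansible.builtin.assert` with `that: root_cached in ['file', 'url']` and a `fail_msg` naming the allowed values, placed before this task, would turn that into a loud failure.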
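Review bot: `powerdns_recursor__self_add` is introduced here with an inline `| default([])` but is not declared in defaults/main.yml next to the other knobs this commit adds (`forward_lst`, `nta_lst`, `root_cached`), and its double-underscore name does not follow their `powerdns_recursor.<key>` dictionary convention, so an operator has to read this template to learn that the removed hard-coded `{{ ansible_hostname }}.mm` entry must now be supplied through it. Declare it in defaults, e.g. `powerdns_recursor__self_add: "{{ powerdns_recursor.self_add | default([]) }}"`, with a comment such as `# extra names (beyond hostname and fqdn) the recursor treats as itself in dns-script.lua`. Each value is also dropped into a single-quoted Lua string unescaped, so a name containing `'` or `\` produces a Lua syntax error that stops the recursor from loading; if the list is not guaranteed to hold plain DNS names, escape with `{{ fqdn | replace('\\', '\\\\') | replace("'", "\\'") }}`. The code that consumes `self` is outside the hunk, so I cannot confirm how a malformed entry would behave at query time.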
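Review bot: The removed lines paired each forwarded private zone with a matching `addNTA` in recursor.lua.j2 (`mm` and `miranda-media.net` appeared in both files, the latter annotated "fix DNSSEC issue"), but after this change `forward_lst` and `nta_lst` are independent variables with no cross-check, so a zone forwarded to an internal authoritative server that is not DNSSEC-signed under a signed parent will, if validation is enabled, be SERVFAILed unless the operator remembers to add the same name to `nta_lst`. I would add a comment to the template header: `# Zones forwarded here that are not DNSSEC-signed under a signed parent also need a matching entry in nta_lst (see recursor.lua.j2)`. The `forward_lst is defined` check is redundant given the default in defaults/main.yml but harmless. Keys and values are written as `zone=ip` without validation, so a key containing `=` or whitespace corrupts the file; since the data is operator-supplied, a comment stating the expected shape (`# zone=forwarder-ip`) is probably enough.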
diff --git a/templates/etc/powerdns/recursor.lua.j2 b/templates/etc/powerdns/recursor.lua.j2
index 93a37c1..9bb78db 100644
--- a/templates/etc/powerdns/recursor.lua.j2
+++ b/templates/etc/powerdns/recursor.lua.j2
@@ -6,7 +6,13 @@
 -- Note: If you provide your own Lua configuration file, consider
 -- running rootkeys.lua too.
 dofile("/usr/share/pdns-recursor/lua-config/rootkeys.lua")
--- zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", { refreshPeriod = 0 })
+{% if root_cached == 'file' %}
 zoneToCache(".", "file", "/etc/powerdns/root.zone", { refreshPeriod = 0 })
-addNTA('mm', "private MM domain")
-addNTA('miranda-media.net', "fix DNSSEC issue for MM domain")
+{% else %}
+zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", { refreshPeriod = 0 })
+{% endif %}
+{% if nta_lst is defined and nta_lst | length > 0 %}
+{% for zone, description in nta_lst.items() %}
+addNTA("{{ zone }}", "{{ description }}")
+{% endfor %}
+{% endif %}
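Review bot: `addNTA("{{ zone }}", "{{ description }}")` writes the operator's free-text description into a double-quoted Lua string without escaping, so a description containing `"` or a backslash yields a Lua syntax error and the recursor refuses to start; escape it with `{{ description | replace('\\', '\\\\') | replace('"', '\\"') }}`. Because every `nta_lst` entry switches off DNSSEC validation for that zone and everything below it, the generated file should say so where the operator will see it, e.g. `-- Negative Trust Anchors: each entry below disables DNSSEC validation for that zone and its children; keep the list minimal and justified`. The new `url` branch keeps `refreshPeriod = 0` from the old commented-out line; I believe that makes the recursor fetch the root zone once at startup and never refresh it (verify against the zoneToCache documentation for the 4.9 series the role installs), which deserves a comment if intentional or a non-zero period if not.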