diff --git a/Dockerfile b/Dockerfile
index d9cb8a6..33588dc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ RUN apt update && \
 ADD conf/kea-ctrl-agent.conf /etc/kea/kea-ctrl-agent.conf
 ADD conf/kea-dhcp4.conf.env /etc/kea/kea-dhcp4.conf.env
 ADD conf/kea-dhcp6.conf.env /etc/kea/kea-dhcp6.conf.env
+ADD conf/kea-ddns.conf.env /etc/kea/kea-ddns.conf.env
 ADD bootstrap.sh /bootstrap.sh
 ENTRYPOINT ["/bootstrap.sh"]
diff --git a/bootstrap.sh b/bootstrap.sh
index dcbcd7a..5c1147c 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -17,6 +17,7 @@ echo "HOSTNAME: ${HOSTNAME}" # KEA_DB_PASSWORD is not printed
 envsubst '$KEA_DB_HOST,$KEA_DB_PORT,$KEA_DB_USER,$KEA_DB_DB,$KEA_DB_PASSWORD,$HOSTNAME' < /etc/kea/kea-dhcp4.conf.env > /etc/kea/kea-dhcp4.conf
 envsubst '$KEA_DB_HOST,$KEA_DB_PORT,$KEA_DB_USER,$KEA_DB_DB,$KEA_DB_PASSWORD,$HOSTNAME' < /etc/kea/kea-dhcp6.conf.env > /etc/kea/kea-dhcp6.conf
+envsubst '$KEA_DB_HOST,$KEA_DB_PORT,$KEA_DB_USER,$KEA_DB_DB,$KEA_DB_PASSWORD,$HOSTNAME,$DDNS_KEY' < /etc/kea/kea-ddns.conf.env > /etc/kea/kea-ddns.conf
 echo "Startmode: $1 $2"
@@ -24,6 +25,8 @@ if [ "$1" = "agent" ] ; then
 exec /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
 elif [ "$1" = "dhcpv6" ]; then
 exec /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+elif [ "$1" = "ddns" ]; then
+ exec /usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-ddns.conf
 else
 exec /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
 fi
\ No newline at end of file
diff --git a/conf/kea-ctrl-agent.conf b/conf/kea-ctrl-agent.conf
index d83ef1e..53ae126 100644
--- a/conf/kea-ctrl-agent.conf
+++ b/conf/kea-ctrl-agent.conf
@@ -37,11 +37,11 @@
 "dhcp6": {
 "socket-type": "unix",
 "socket-name": "/run/kea-dhcp6-ctrl-socket"
- }
- /*"d2": {
+ },
+ "d2": {
 "socket-type": "unix",
 "socket-name": "/tmp/kea-ddns-ctrl-socket"
- }*/
+ }
 },
 // Specify hooks libraries that are attached to the Control Agent.
diff --git a/conf/kea-ddns.conf.env b/conf/kea-ddns.conf.env
new file mode 100644
index 0000000..60ff4f8
--- /dev/null
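Review bot: The added `envsubst` line writes the TSIG secret from `$DDNS_KEY` into /etc/kea/kea-ddns.conf on every start, whatever mode is requested, so the agent, DHCPv4 and DHCPv6 containers also end up holding the DNS update key on disk. The file is created with whatever umask the script inherits (not visible in this hunk), which commonly leaves it world-readable. Rendering it only in the `ddns` branch and under a tight umask keeps the key where it is needed: `( umask 077; envsubst '$DDNS_KEY' < /etc/kea/kea-ddns.conf.env > /etc/kea/kea-ddns.conf )`. The new template references only `$DDNS_KEY`, so the database variables, including `$KEA_DB_PASSWORD`, can be dropped from this line's list.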
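Review bot: Nothing in the new `ddns` branch checks that `DDNS_KEY` is set before `kea-dhcp-ddns` is exec'd; with the variable unset, `envsubst` substitutes an empty string and the rendered config carries `"secret": ""`. A guard such as `: "${DDNS_KEY:?DDNS_KEY must be set for ddns mode}"` ahead of the `exec` makes the container fail with a clear message instead. Separately, the pre-existing `else` arm still starts kea-dhcp4 for any unrecognised mode, so a typo of `ddns` silently brings up a DHCPv4 server; an explicit arm for DHCPv4 plus an error default would be safer. The `if` chain begins outside this hunk.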
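Review bot: The newly enabled `d2` entry points the Control Agent at `/tmp/kea-ddns-ctrl-socket`, but the kea-ddns.conf.env added in this same commit has D2 create its control socket at `/run/kea-ddns-ctrl-socket`, so agent commands for `d2` will not reach the daemon. `/tmp` is also world-writable, which is a poor place for a control socket; the `dhcp6` entry just above already uses `/run`. I would change the line to `"socket-name": "/run/kea-ddns-ctrl-socket"`. Since bootstrap.sh execs a single daemon per container, the agent and D2 presumably need a shared volume for that path as well, which is worth confirming in the deployment manifests that this diff does not show.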
+++ b/conf/kea-ddns.conf.env 
@@ -0,0 +1,119 @@
+{
+// ------------------ DHCP-DDNS ---------------------
+"DhcpDdns":
+{
+
+// -------------- Global Parameters ----------------
+// D2 will listen for update requests for Kea DHCP servers at 127.0.0.1
+// on port 53001. Maximum time to we will wait for a DNS server to
+// respond to us is 1000 ms.
+
+ "ip-address": "127.0.0.1",
+ "port": 53001,
+ "dns-server-timeout" : 1000,
+
+// One extra feature that requires some explanation is
+// user-context. This is a structure that you can define at global scope,
+// in ddns domain, dns server, tsig key and others. It is parsed by
+// Kea, but not used directly. It is intended to keep anything you
+// may want to put there - comments, extra designations, floor or
+// department names etc.
+// A comment entry is translated into a user-context with a "comment"
+// property so you can include comments inside the configuration itself.
+
+ "user-context": { "version": 1 },
+
+// ----------------- Control Socket -----------------
+
+ "control-socket": {
+ "socket-type": "unix",
+ "socket-name": "/run/kea-ddns-ctrl-socket"
+ },
+
+ "forward-ddns":
+ {
+ "ddns-domains":
+ [
+ {
+ "comment": "forward domain",
+ "name": "lan.geco.ethz.ch.",
+ "key-name": ".key",
+ "dns-servers":
+ [
+ {
+ "ip-address": "10.233.242.201"
+ }
+ ]
+ },
+ ]
+ },
+
+ "reverse-ddns":
+ {
+ "ddns-domains":
+ [
+ {
+ "comment": "v4 reverse domain",
+ "name": "233.10.in-addr.arpa.",
+ "key-name": "key",
+ "dns-servers":
+ [
+ {
+ "ip-address": "10.233.242.201"
+ }
+ ]
+ },
+ {
+ "comment": "v6 reverse domain",
+ "name": "0.7.c.4.c.e.0.1.c.7.6.0.1.0.0.2.ip6.arpa.",
+ "key-name": "key",
+ "dns-servers":
+ [
+ {
+ "ip-address": "10.233.242.201"
+ }
+ ]
+ },
+ ]
+ },
+
+// ------------------ TSIG keys ---------------------
+// Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)
+// and a base-64 encoded shared secret.
+ "tsig-keys":
+ [
+ {
+ "name": "key",
+ "algorithm": "HMAC-SHA256",
+ "secret": "$DDNS_KEY"
+ }
+ ],
+
+// The following configures logging. It assumes that messages with at least
+// informational level (info, warn, error and fatal) should be logged to stdout.
+// It also specifies a custom log pattern.
+ "loggers": [
+ {
+ "name": "kea-dhcp-ddns",
+ "output-options": [
+ {
+ "output": "stdout",
+ // Several additional parameters are possible in addition
+ // to the typical output. Flush determines whether logger
+ // flushes output to a file. Maxsize determines maximum
+ // filesize before the file is rotated. maxver
+ // specifies the maximum number of rotated files being
+ // kept.
+ "flush": true,
+ "maxsize": 204800,
+ "maxver": 4,
+ "pattern": "%d [%c/%i] %m\n"
+ }
+ ],
+ "debuglevel": 0,
+ "severity": "INFO"
+ }
+ ]
+}
+
+}
\ No newline at end of file
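Review bot: The forward domain sets `"key-name": ".key"`, but the only entry in `tsig-keys` is named `key` (which both reverse domains use), so the forward zone refers to a key that is not defined. Depending on how D2 treats an unknown key name, that either fails configuration parsing or leaves forward updates without the intended TSIG signature; the line should read `"key-name": "key",`. The secret is substituted straight into a JSON string by `envsubst`, which is fine for base-64 text but would break the file if the value ever contained a `"` or `\`; a short comment next to `"secret": "$DDNS_KEY"` saying the value must be base-64 would document that.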