diff --git a/contrib/#dn42promsrv.service# b/contrib/#dn42promsrv.service#
new file mode 100644
index 0000000..0349925
--- /dev/null
+++ b/contrib/#dn42promsrv.service#
@@ -0,0 +1,29 @@
+##########################################################################
+# dn42promsrv example systemd service file
+##########################################################################
+
+[Unit]
+Description=DN42 Prometheus Stats Server
+After=network.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User=promsrv
+Group=promsrv
+Type=simple
+Restart=on-failure
+# service hardening
+ProtectSystem=strict
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+PrivateTmp=yes
+PrivateDevices=yes
+DevicePolicy=closed
+MemoryDenyWriteExecute=yes
+#
+ExecStart=/usr/local/bin/dn42promsrv 
+     
+#########################################################################
+# end of file
diff --git a/dns.go b/dns.go
index c13735b..4e2d983 100644
--- a/dns.go
+++ b/dns.go
@@ -9,7 +9,7 @@ package main
 import (
 	"encoding/json"
 	"errors"
-	//	"fmt"
+	"fmt"
 	dns "github.com/miekg/dns"
 	"github.com/prometheus/client_golang/prometheus"
 	log "github.com/sirupsen/logrus"
@@ -83,6 +83,8 @@ var dns_servers = []*DNSServer{
 
 	// master
 
+	&DNSServer{"master", "jrb0001", "b.master.delegation-servers.dn42", 6,
+		"[fd42:180:3de0:30::1]:53", 0},
 	&DNSServer{"master", "jrb0001", "j.master.delegation-servers.dn42", 6,
 		"[fd42:180:3de0:10:5054:ff:fe87:ea39]:53", 0},
 
@@ -204,17 +206,13 @@ func (m *DNSMetrics) Collect() {
 
 	now := uint64(time.Now().Unix())
 
-	// add master servers to a list to compare SOA
-	masters := make([]uint32, 2)
+	// search the masters for the highest SOA
+	var latest_soa uint32 = 0
+
 	for _, server := range dns_servers {
 		if server.role == "master" {
-			masters = append(masters, server.soa)
-		} else {
-			// icky icky icky - manually add yamakaja's server temporarily
-			if server.role == "delegation" &&
-				server.owner == "yamakaja" &&
-				server.ip == 6 {
-				masters = append(masters, server.soa)
+			if server.soa > latest_soa {
+				latest_soa = server.soa
 			}
 		}
 	}
@@ -259,22 +257,11 @@ func (m *DNSMetrics) Collect() {
 				}).Info("DNS Server high RTT")
 			}
 
-			// check if the SOA matches any defined master SOA
-
-			// assume not
-			valid = 1
-
-			// automatically invalid if out of date (older than 25 hours)
-			if (now - uint64(r.serial)) < (3600 * 25) {
-				// otherwise step through each 'master' and
-				// check if the SOA matches somewhere
-				for _, soa := range masters {
-					if r.serial == soa {
-						// match was found
-						valid = 0
-						break
-					}
-				}
+			// check if the SOA matches the lastest master SOA
+			if r.serial == latest_soa {
+				valid = 0
+			} else {
+				valid = 1
 			}
 
 			// before setting whether the server is valid, calculate the stime
@@ -311,7 +298,9 @@ func (s *DNSServer) Query() *DNSResult {
 	msg.RecursionDesired = (s.role == "recursive")
 
 	// query the dn42 root zone SOA
-	msg.Question = []dns.Question{{"dn42.", dns.TypeSOA, dns.ClassINET}}
+	msg.Question = []dns.Question{
+		{"dn42.", dns.TypeSOA, dns.ClassINET},
+	}
 
 	// add EDNS0 options to also query the service ID (NSID)
 	// pretty much copied verbatim from the library docs
@@ -333,6 +322,7 @@ func (s *DNSServer) Query() *DNSResult {
 
 	// create a new DNS client
 	client := new(dns.Client)
+	client.Timeout, _ = time.ParseDuration("4s")
 
 	// and finally query the server
 	resp, rtt, err := client.Exchange(msg, s.addr)
@@ -346,6 +336,8 @@ func (s *DNSServer) Query() *DNSResult {
 		return nil
 	}
 
+	fmt.Printf("Resp: %v\n", resp)
+
 	// was an SOA returned ?
 	if soa, ok := resp.Answer[0].(*dns.SOA); !ok {