diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..074c72b
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,41 @@
+image: debian:stable-slim
+
+stages:
+- build
+- deploy
+
+build:
+  stage: build
+  before_script:
+    - apt-get update
+    - apt-get install -y knot-dnsutils
+  script:
+    - |
+      for zonefile in zones/*; do
+          zone=$(basename $zonefile .zone)
+          echo "Checking zone $zone..."
+          kzonecheck -v -o $zone $zonefile
+          echo $(echo -n $zone | sha1sum | cut -f1 -d' ').zones 0 IN PTR $zone. >> catalog-zones/dns-witch-catalog.zone
+      done
+  artifacts:
+    paths:
+      - catalog-zones/*
+    expire_in: 1 day
+
+deploy:
+  stage: deploy
+  script:
+    - scp -r zones catalog-zones ${SSH_PRIMARY_NS}:/var/lib/knot/
+    - ssh ${SSH_PRIMARY_NS} /usr/sbin/knotc reload
+  before_script:
+    - apt-get update
+    - apt-get install -y ssh-client
+      # from https://docs.gitlab.com/ee/ci/ssh_keys/
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p $HOME/.ssh
+    - chmod 700 $HOME/.ssh
+    - echo "$SSH_KNOWN_HOSTS" >> $HOME/.ssh/known_hosts
+    - echo "$SSH_CONFIG" >> $HOME/.ssh/config
+    - chmod 644 $HOME/.ssh/{known_hosts,config}
+  when: manual
diff --git a/README.md b/README.md
index 11defb0..0f39214 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,6 @@
 
 A DNS zone management service to make accessible the [.eu.org](https://nic.eu.org) domain names to everyone.
 
+### Deployment
+
+Deploy the configuration using `ansible-playbook -i config/host config/deploy.yml`
diff --git a/catalog-zones/dns-witch-catalog.zone b/catalog-zones/dns-witch-catalog.zone
new file mode 100644
index 0000000..4a147d0
--- /dev/null
+++ b/catalog-zones/dns-witch-catalog.zone
@@ -0,0 +1,5 @@
+dns-witch-catalog.    300     SOA   ns1.dns-witch.net.eu.org. support.dns-witch.net.eu.org. 2021072102 28800 7200 2419200 300
+dns-witch-catalog.    3600    NS    ns1.dns-witch.net.eu.org.
+dns-witch-catalog.    3600    NS    ns2.dns-witch.net.eu.org.
+
+version 0 IN TXT "2"
diff --git a/zones/grimoire.eu.org.zone b/zones/grimoire.eu.org.zone
index b8935e4..3f3ddc2 100644
--- a/zones/grimoire.eu.org.zone
+++ b/zones/grimoire.eu.org.zone
@@ -17,8 +17,8 @@ autel.grimoire.eu.org.	3600	A	95.217.26.22
 ; AAAA Records
 @	IN 3600	  AAAA	2a01:4f9:c010:ed58::1
 *.grimoire.eu.org.  IN	3600	AAAA	2a01:4f9:c010:ed58::1
-autel.grimoire.eu.org.	3600	A	2a01:4f9:c010:ed58::1
-*.autel.grimoire.eu.org.	3600	A	2a01:4f9:c010:ed58::1
+autel.grimoire.eu.org.	3600	AAAA	2a01:4f9:c010:ed58::1
+*.autel.grimoire.eu.org.	3600	AAAA	2a01:4f9:c010:ed58::1
 
 ; MX Records
 @	IN 3600	  MX	10 familier.net.eu.org.