diff --git a/dmz/external-dns/Chart.yaml b/dmz/external-dns/Chart.yaml
new file mode 100644
index 0000000..8fb36bc
--- /dev/null
+++ b/dmz/external-dns/Chart.yaml
@@ -0,0 +1,12 @@
+
+apiVersion: v2
+name: external-dns
+description: A Helm chart for Kubernetes
+type: application
+version: 0.0.1
+appVersion: 0.0.1
+
+dependencies:
+- name: external-dns
+  repository: https://charts.bitnami.com/bitnami
+  version: 8.3.8
diff --git a/dmz/external-dns/templates/secrets.yaml b/dmz/external-dns/templates/secrets.yaml
new file mode 100644
index 0000000..0420a5d
--- /dev/null
+++ b/dmz/external-dns/templates/secrets.yaml
@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: external-dns-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: external-dns
+  data:
+  - secretKey: cloudflare_api_email
+    remoteRef:
+      key: kv/cloudflare
+      property: cloudflare_api_email
+  - secretKey: cloudflare_api_key
+    remoteRef:
+      key: kv/cloudflare
+      property: cloudflare_api_key
+  - secretKey: cloudflare_api_token
+    remoteRef:
+      key: kv/cloudflare
+      property: cloudflare_api_token
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vault
diff --git a/dmz/external-dns/values.yaml b/dmz/external-dns/values.yaml
new file mode 100644
index 0000000..f25b1e2
--- /dev/null
+++ b/dmz/external-dns/values.yaml
@@ -0,0 +1,16 @@
+external-dns:
+  global:
+    imageRegistry: "registry.durp.info"
+
+  image:
+    pullPolicy: Always
+
+  sources:
+    - service
+    
+  provider: cloudflare
+  cloudflare:
+    secretName : "external-dns"
+    proxied: false
+
+  policy: sync
diff --git a/infra/argocd/templates/external-dns.yaml b/infra/argocd/templates/external-dns.yaml
new file mode 100644
index 0000000..63e1543
--- /dev/null
+++ b/infra/argocd/templates/external-dns.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: external-dns-dmz
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/developerdurp/homelab.git
+    targetRevision: main
+    path: dmz/external-secrets
+  destination:
+    namespace: external-secrets
+    name: dmz
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true  
+    syncOptions:
+      - CreateNamespace=true 
+