diff --git a/modules/kubernetes/dnscat2/main.tf b/modules/kubernetes/dnscat2/main.tf
new file mode 100644
index 00000000..4d8186f1
--- /dev/null
+++ b/modules/kubernetes/dnscat2/main.tf
@@ -0,0 +1,80 @@
+# variable "tls_secret_name" {}
+
+resource "kubernetes_namespace" "dnscat2" {
+ metadata {
+ name = "dnscat2"
+ labels = {
+ "istio-injection" : "disabled"
+ }
+ }
+}
+
+# module "tls_secret" {
+# source = "../setup_tls_secret"
+# namespace = "dnscat2"
+# tls_secret_name = var.tls_secret_name
+# }
+
+resource "kubernetes_deployment" "dnscat2" {
+ metadata {
+ name = "dnscat2"
+ namespace = "dnscat2"
+ labels = {
+ app = "dnscat2"
+ }
+ }
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "dnscat2"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "dnscat2"
+ }
+ }
+ spec {
+ container {
+ image = "arno0x0x/dnscat2"
+ name = "dnscat2"
+ stdin = true
+ tty = true
+ port {
+ name="dns"
+ container_port = 53
+ protocol = "UDP"
+ }
+ env {
+ name = "DOMAIN_NAME"
+ value = "rp.viktorbarzin.me"
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "dnscat2" {
+ metadata {
+ name = "dnscat2"
+ namespace = "dnscat2"
+ labels = {
+ "app" = "dnscat2"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "dnscat2"
+ }
+ port {
+ name = "dns"
+ protocol = "UDP"
+ port = 53
+ # target_port = 53
+ }
+ }
+}
diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf
index 5d6de6bf..dada3a6e 100644
--- a/modules/kubernetes/mailserver/main.tf
+++ b/modules/kubernetes/mailserver/main.tf
@@ -35,7 +35,7 @@ resource "kubernetes_config_map" "mailserver_env_config" {
 data = {
 DMS_DEBUG = "0"
 ENABLE_CLAMAV = "0"
- ENABLE_FAIL2BAN = "0"
+ ENABLE_FAIL2BAN = "1"
 ENABLE_FETCHMAIL = "0"
 ENABLE_POSTGREY = "0"
 ENABLE_SASLAUTHD = "0"
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 5bd0ae72..601e517a 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
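Review bot: `image = "arno0x0x/dnscat2"` in the deployment's container block carries no tag or digest, so any pod restart can pull whatever is currently published as `latest` under that third-party registry account; pin the reviewed image, e.g. `image = "arno0x0x/dnscat2@sha256:<digest-of-reviewed-image>"`. The container also runs with `stdin = true` and `tty = true` and has no `security_context` or `resources` block, and the namespace opts out of sidecar injection, so nothing visible in this module limits what the pod can reach inside the cluster; a `kubernetes_network_policy` in this namespace that admits only inbound UDP 53 and denies egress would contain it. The deployment and service hard-code `namespace = "dnscat2"` rather than referencing `kubernetes_namespace.dnscat2.metadata[0].name`, so Terraform has no dependency edge and may attempt to create them before the namespace exists.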
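Review bot: Setting `ENABLE_FAIL2BAN = "1"` only helps if the container can insert firewall rules and sees real client addresses, and neither is visible in this hunk. The variable names look like docker-mailserver's, whose Fail2ban support needs the `NET_ADMIN` capability on the container; the deployment's security context lies outside this hunk, so confirm it adds that capability. Also check that the mail Service preserves source IPs (for example `external_traffic_policy = "Local"`), otherwise bans would presumably land on a node or proxy address and could lock out every sender at once. A short comment above the line, such as `# requires NET_ADMIN and preserved client source IPs`, would record the dependency.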
@@ -450,3 +450,8 @@ module "servarr" {
 source = "./servarr"
 tls_secret_name = var.tls_secret_name
 }
+
+module "dnscat2" {
+ source = "./dnscat2"
+ # tls_secret_name = var.tls_secret_name
+}