diff --git a/main.tf b/main.tf
index b50bad9..3790a41 100644
--- a/main.tf
+++ b/main.tf
@@ -108,3 +108,25 @@ module "vm_spoke" {
 depends_on = [module.spoke_network]
 }
+
+module "koszewscy_internal_zone" {
+ source = "./modules/dns-managed-zone"
+
+ project_id = var.hub.project
+ dns_name = "koszewscy.waw.pl."
+
+ network_id = module.hub_network.id
+
+ target_name_servers = ["192.168.2.5"]
+}
+
+module "koszewscy_internal_zone_spoke" {
+ source = "./modules/dns-managed-zone"
+
+ project_id = var.spoke.project
+ dns_name = "koszewscy.waw.pl."
+ zone_name = "koszewscy-waw-pl-spoke"
+
+ network_id = module.spoke_network.id
+ peering_network_id = module.hub_network.id
+}
diff --git a/modules/dns-managed-zone/main.tf b/modules/dns-managed-zone/main.tf
new file mode 100644
index 0000000..11263ad
--- /dev/null
+++ b/modules/dns-managed-zone/main.tf
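Review bot: The forwarding target `192.168.2.5` in `module "koszewscy_internal_zone"` is an environment-specific resolver address hard-coded in the root module, while every other environment-specific value in the same block comes from `var.hub`; if `var.hub` is an object variable, a `dns_forwarders` attribute (`target_name_servers = var.hub.dns_forwarders`) would keep it with the other hub settings and out of code. The hub zone also leaves `zone_name` to the module's derived default whereas the spoke zone sets `"koszewscy-waw-pl-spoke"` explicitly; setting both explicitly makes the two zones easier to find in the console and avoids a rename if the derivation rule in the module ever changes. `module "vm_spoke"` starts outside the hunk.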
@@ -0,0 +1,49 @@
+resource "google_dns_managed_zone" "zone" {
+ dns_name = var.dns_name
+ name = var.zone_name != null ? var.zone_name : "${replace(replace(var.dns_name, "/\\.$/", ""), ".", "-")}-zone"
+ project = var.project_id
+
+ visibility = var.network_id != null ? "private" : "public"
+
+ dynamic "private_visibility_config" {
+ for_each = var.network_id != null ? [1] : []
+
+ content {
+ networks {
+ network_url = var.network_id
+ }
+ }
+ }
+
+ dynamic "forwarding_config" {
+ for_each = var.target_name_servers != null ? var.target_name_servers : []
+
+ content {
+ target_name_servers {
+ ipv4_address = forwarding_config.value
+ }
+ }
+ }
+
+ dynamic "peering_config" {
+ for_each = var.peering_network_id != null ? [1] : []
+
+ content {
+ target_network {
+ network_url = var.peering_network_id
+ }
+ }
+ }
+}
+
+resource "google_dns_record_set" "records" {
+ count = length(var.resource_records)
+ project = var.project_id
+
+ managed_zone = google_dns_managed_zone.zone.name
+ name = var.resource_records[count.index].name
+ type = var.resource_records[count.index].type
+ ttl = var.resource_records[count.index].ttl
+
+ rrdatas = var.resource_records[count.index].rrdatas
+}
diff --git a/modules/dns-managed-zone/variables.tf b/modules/dns-managed-zone/variables.tf
new file mode 100644
index 0000000..69f9a01
--- /dev/null
+++ b/modules/dns-managed-zone/variables.tf
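Review bot: The `dynamic "forwarding_config"` block iterates over `var.target_name_servers`, so two or more targets emit two `forwarding_config` blocks, and `google_dns_managed_zone` accepts at most one; the loop belongs on the nested `target_name_servers` block (rewrite below), and since the variable defaults to `[]` and is not nullable, the `!= null` test never fires. Separately, `visibility` falls back to `"public"` whenever `network_id` is omitted, so a caller that forgets the network silently creates a publicly resolvable zone for what the root module treats as an internal name (and the API rejects forwarding/peering configs on public zones anyway); unless public zones are an intended use of this module, a `lifecycle { precondition { … } }` requiring `network_id` whenever forwarding or peering is configured, or simply making `network_id` mandatory, would catch that at plan time. Finally, `google_dns_record_set.records` is indexed by `count`, so removing one record from the middle of the list recreates every record after it; `for_each = { for r in var.resource_records : "${r.name}/${r.type}" => r }` with `each.value.*` keys them stably.
```hcl
  # … unchanged: dns_name / name / project / visibility / private_visibility_config …

  # Cloud DNS allows a single forwarding_config block; each resolver goes in a
  # nested target_name_servers block, so iterate inside the block, not over it.
  dynamic "forwarding_config" {
    for_each = length(var.target_name_servers) > 0 ? [1] : []

    content {
      dynamic "target_name_servers" {
        for_each = var.target_name_servers

        content {
          ipv4_address = target_name_servers.value
        }
      }
    }
  }

  # … unchanged: peering_config …
```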
@@ -0,0 +1,48 @@
+variable "project_id" {
+ description = "The project ID where the managed zone will be created."
+ type = string
+}
+
+variable "dns_name" {
+ description = "The DNS name for the managed zone."
+ type = string
+}
+
+variable "zone_name" {
+ description = "The name of the managed zone."
+ type = string
+ default = null
+}
+
+variable "network_id" {
+ description = "The network ID for the managed zone."
+ type = string
+ nullable = true
+ default = null
+}
+
+variable "peering_network_id" {
+ description = "The peering network ID for the managed zone."
+ type = string
+ nullable = true
+ default = null
+
+}
+
+variable "target_name_servers" {
+ description = "List of target name servers for forwarding configuration"
+ type = list(string)
+ default = []
+}
+
+variable "resource_records" {
+ description = "A map of resource records to create in the DNS managed zone."
+ type = list(object({
+ name = string
+ type = string
+ ttl = number
+ rrdatas = list(string)
+ }))
+ default = []
+}
+
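Review bot: `dns_name` is passed straight through to `google_dns_managed_zone.dns_name`, which is only valid as a fully-qualified name with a trailing dot, and the module's derived zone name also assumes that dot; a `validation` block on the variable (below) turns the late API error into a plan-time message. The `resource_records` description says "A map of resource records" while the type is `list(object(...))` — `"A list of resource records to create in the DNS managed zone."` matches the declaration. `nullable = true` on `network_id` and `peering_network_id` is already the default and can be dropped, and both descriptions could say that the value is written to `network_url` in the zone resource so callers know to pass a network self-link rather than a bare name.
```hcl
variable "dns_name" {
  description = "The DNS name for the managed zone (fully qualified, trailing dot required)."
  type        = string

  validation {
    condition     = can(regex("\\.$", var.dns_name))
    error_message = "dns_name must be fully qualified and end with a trailing dot, e.g. \"example.internal.\"."
  }
}

# … unchanged: remaining variables …
```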