diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
index fa6babbb27..3929711e34 100644
--- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
+++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
@@ -3,11 +3,11 @@
 
 results:
 
-  adns1.opendev.org:
+  adns99.opendev.org:
     - adns
     - adns-primary
 
-  ns1.opendev.org:
+  ns99.opendev.org:
     - adns
     - adns-secondary
 
diff --git a/playbooks/roles/letsencrypt-install-txt-record/templates/zone.db.j2 b/playbooks/roles/letsencrypt-install-txt-record/templates/zone.db.j2
index 168e711636..9bf4aba751 100644
--- a/playbooks/roles/letsencrypt-install-txt-record/templates/zone.db.j2
+++ b/playbooks/roles/letsencrypt-install-txt-record/templates/zone.db.j2
@@ -1,14 +1,15 @@
 ; -*- mode: zone -*-
 $ORIGIN acme.opendev.org.
 $TTL 1m
-@               IN      SOA     adns1.opendev.org. hostmaster.opendev.org. (
+@               IN      SOA     {{ inventory_hostname }}. hostmaster.opendev.org. (
                         {{ lookup('pipe', 'date +%s') }}  ; serial number unixtime
                         1h          ; refresh (secondary checks for updates)
                         10m         ; retry   (secondary retries failed axfr)
                         10d         ; expire  (secondary ends serving old data)
                         5m  )       ; min ttl (cache time for failed lookups)
-@               IN      NS      ns1.opendev.org.
-@               IN      NS      ns2.opendev.org.
+{% for ns in groups['adns-secondary'] %}
+@               IN      NS      {{ ns }}.
+{% endfor %}
 
 ; NOTE: DO NOT HAND EDIT.  THESE KEYS ARE MANAGED BY ANSIBLE
 
diff --git a/testinfra/test_adns.py b/testinfra/test_adns.py
index dfd9db5684..c9405a977c 100644
--- a/testinfra/test_adns.py
+++ b/testinfra/test_adns.py
@@ -13,7 +13,7 @@
 # under the License.
 
 
-testinfra_hosts = ['adns1.opendev.org']
+testinfra_hosts = ['adns99.opendev.org']
 
 
 def test_bind(host):
diff --git a/testinfra/test_ns.py b/testinfra/test_ns.py
index 09303d63c0..82fbfff8a3 100644
--- a/testinfra/test_ns.py
+++ b/testinfra/test_ns.py
@@ -13,7 +13,7 @@
 # under the License.
 
 
-testinfra_hosts = ['ns1.opendev.org']
+testinfra_hosts = ['ns99.opendev.org']
 
 
 def test_nsd(host):
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index 104d5388c5..4e074e18b0 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -225,7 +225,7 @@
     name: system-config-run-letsencrypt
     parent: system-config-run
     description: |
-      Run the playbook for letsencrypt key acquisition.
+      Run the playbook for letsencrypt key acquisition
     nodeset:
       nodes:
         - <<: *bridge_node_x86
@@ -237,7 +237,9 @@
         # it will populate to the test DNS servers.  LE won't actually
         # authenticate those records, but we are validating the path
         # of at least creating and collecting them here.
-        - name: adns-letsencrypt.opendev.org
+        - name: adns99.opendev.org
+          label: ubuntu-jammy
+        - name: ns99.opendev.org
           label: ubuntu-jammy
         - name: letsencrypt01.opendev.org
           label: ubuntu-jammy
@@ -432,9 +434,9 @@
     nodeset:
       nodes:
         - <<: *bridge_node_x86
-        - name: adns1.opendev.org
+        - name: adns99.opendev.org
           label: ubuntu-jammy
-        - name: ns1.opendev.org
+        - name: ns99.opendev.org
           label: ubuntu-jammy
       groups:
         - <<: *bastion_group
@@ -442,7 +444,7 @@
       run_playbooks:
         - playbooks/service-nameserver.yaml
     host-vars:
-      adns1.opendev.org:
+      adns99.opendev.org:
         host_copy_output:
           '/etc/bind/named.conf': logs
           '/var/lib/bind/zones': logs