diff --git a/meta/dns.nix b/meta/dns.nix
index 0f2c138..76e6bfc 100644
--- a/meta/dns.nix
+++ b/meta/dns.nix
@@ -247,14 +247,22 @@ in
           { site, ... }:
           let
             net = meta.network.${host};
+            f =
+              x:
+              if x == [ ] then
+                [ ]
+              else if net.singleIpRecord then
+                [ (builtins.head x) ]
+              else
+                x;
             inherit (net.addresses) ipv4 ipv6;
           in
           nameValuePair "${host}.${site}" {
-            A = ipv4;
-            AAAA = ipv6;
+            A = f ipv4;
+            AAAA = f ipv6;
             subdomains = {
-              v4.A = ipv4;
-              v6.AAAA = ipv6;
+              v4.A = f ipv4;
+              v6.AAAA = f ipv6;
               private.A = optional (net.netbirdIp != null) net.netbirdIp;
             };
           }
diff --git a/meta/network.nix b/meta/network.nix
index e256135..128c7f0 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -368,6 +368,7 @@
 
       hostId = "8afc7749";
       netbirdIp = "100.80.157.46";
+      singleIpRecord = true;
     };
   };
 }
diff --git a/meta/options.nix b/meta/options.nix
index 9cf262c..ace6045 100644
--- a/meta/options.nix
+++ b/meta/options.nix
@@ -20,6 +20,7 @@ let
   inherit (lib.types)
     attrs
     attrsOf
+    bool
     enum
     ints
     listOf
@@ -405,6 +406,15 @@ in
                 '';
               };
 
+              singleIpRecord = mkOption {
+                type = bool;
+                default = false;
+                description = ''
+                  When set to true, only the first IP address will be set for
+                  the A or AAAA record int hte DNS zone.
+                '';
+              };
+
               # FIXME: Unused
               vpnKeys = mkOption {
                 type = attrsOf vpnKeyType;