diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 8bb362a..516ee39 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -8,4 +8,4 @@ jobs:
 steps:
 - run: install -m 700 -d ~/.ssh
 - run: install -m 600 <(echo '${{ secrets.DEPLOY_KEY }}') ~/.ssh/deploy_key
- - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@keiu.net 'sh -c "cd ~/keiu.net && git pull --rebase && docker compose up -d"'
+ - run: ssh -i ~/.ssh/deploy_key -o 'StrictHostKeyChecking no' kou029w@keiu.net 'sh -c "cd ~/keiu.net && git pull --rebase && docker compose up --detach --remove-orphans"'
diff --git a/compose.yml b/compose.yml
index a9c4617..e9a232e 100644
--- a/compose.yml
+++ b/compose.yml
@@ -11,7 +11,7 @@ services:
 - ./srv:/srv
 - caddy_data:/data
 - caddy_config:/config
- dns.keiu.net:
+ dns:
 image: coredns/coredns:1.9.3@sha256:8e352a029d304ca7431c6507b56800636c321cb52289686a581ab70aaa8a2e2a
 restart: unless-stopped
 expose: ["443"]
diff --git a/etc/caddy/Caddyfile b/etc/caddy/Caddyfile
index 1ae4e4b..f6b1eba 100644
--- a/etc/caddy/Caddyfile
+++ b/etc/caddy/Caddyfile
@@ -5,10 +5,12 @@
 }
 keiu.net {
 file_server
+ reverse_proxy /dns-query https://dns {
+ transport http {
+ tls_server_name keiu.net
+ }
+ }
 }
 www.keiu.net {
 redir https://keiu.net{uri} 308
 }
-dns.keiu.net {
- reverse_proxy https://dns.keiu.net
-}
diff --git a/etc/coredns/Corefile b/etc/coredns/Corefile
index b9485e2..ae514c6 100644
--- a/etc/coredns/Corefile
+++ b/etc/coredns/Corefile
@@ -1,5 +1,5 @@
 https://. tls://. . {
- tls /var/lib/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/dns.keiu.net/dns.keiu.net.crt /var/lib/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/dns.keiu.net/dns.keiu.net.key
+ tls /var/lib/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/keiu.net/keiu.net.crt /var/lib/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/keiu.net/keiu.net.key
 reload
 prometheus 0.0.0.0:9153
 hosts {
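Review bot: The rewritten `ssh` step in `.github/workflows/deploy.yml` still passes `-o 'StrictHostKeyChecking no'`, so the runner never verifies that the host it connects to is the real keiu.net before running `git pull --rebase` and `docker compose up` there. Pinning the host key closes that gap: add a step such as `- run: install -m 600 <(echo '${{ secrets.DEPLOY_KNOWN_HOSTS }}') ~/.ssh/known_hosts` (the secret name is a placeholder) and change the option to `-o 'StrictHostKeyChecking yes'`. The job definition starts above the hunk, so an existing known_hosts step elsewhere in the file cannot be ruled out from here.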
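Review bot: The `tls_server_name keiu.net` override inside the new `reverse_proxy /dns-query https://dns` block has no comment, yet it is the line that keeps upstream certificate verification working now that the backend is addressed by the service name `dns`. I would add above `transport http {` a comment such as `# CoreDNS presents Caddy's keiu.net certificate (etc/coredns/Corefile), so verify the upstream against that name, not "dns"`. That keeps a later maintainer from replacing the override with a verification-disabling option when the certificate path or hostname changes.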
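Review bot: The new `tls` line gives CoreDNS the private key of the apex site keiu.net instead of a key dedicated to dns.keiu.net, so a compromise of the DNS container would also expose the key that serves the main website. How the Caddy data directory is mounted into the `dns` service is not visible in this hunk; if the whole directory is shared, mounting only these two files read-only would limit that exposure. The path also hard-codes the issuer directory `acme.zerossl.com-v2-dv90`, which presumably changes if Caddy obtains the certificate from a different issuer, so a comment like `# path depends on Caddy's ACME issuer; update if the issuer changes` above the line would help. The server block continues past the end of the hunk.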