diff --git a/powerdns-bullseye.yml b/powerdns-bullseye.yml
new file mode 100644
index 0000000..80e27f2
--- /dev/null
+++ b/powerdns-bullseye.yml
@@ -0,0 +1,11 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - import_tasks: tasks/debian-general/repositories-bullseye.yml
+ - import_tasks: tasks/debian-general/upgrade.yml
+ - import_tasks: tasks/debian-general/gnupg2.yml
+ - import_tasks: tasks/powerdns-bullseye/gpg-key.yml
+ - import_tasks: tasks/powerdns-bullseye/repositories-authoritative.yml
+ - import_tasks: tasks/debian-general/upgrade.yml
+ - import_tasks: tasks/powerdns-bullseye/powerdns-authoritative.yml
diff --git a/tasks/debian-general/gnupg2.yml b/tasks/debian-general/gnupg2.yml
new file mode 100644
index 0000000..6c17b5a
--- /dev/null
+++ b/tasks/debian-general/gnupg2.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure gnupg2 is installed and updated
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 0
+ name: gnupg2
+ state: latest
diff --git a/tasks/powerdns-bullseye/gpg-key.yml b/tasks/powerdns-bullseye/gpg-key.yml
new file mode 100644
index 0000000..a0a72a2
--- /dev/null
+++ b/tasks/powerdns-bullseye/gpg-key.yml
@@ -0,0 +1,19 @@
+---
+- name: Check if PowerDNS GPG key is already present
+ ansible.builtin.stat:
+ path: /etc/apt/trusted.gpg.d/pdns.gpg
+ register: pdns_gpg_presence
+- name: Download armored PowerDNS GPG key
+ ansible.builtin.get_url:
+ url: https://repo.powerdns.com/FD380FBB-pub.asc
+ dest: /tmp/pdns.asc
+ when: not pdns_gpg_presence.stat.exists
+- name: Ensure unarmored PowerDNS GPG key is present
+ ansible.builtin.command:
+ cmd: gpg --dearmor -o /etc/apt/trusted.gpg.d/pdns.gpg /tmp/pdns.asc
+ when: not pdns_gpg_presence.stat.exists
+- name: Remove temporary armored PowerDNS GPG key
+ ansible.builtin.file:
+ path: /tmp/pdns.asc
+ state: absent
+ when: not pdns_gpg_presence.stat.exists
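Review bot: In powerdns-bullseye.yml the entries use the short name `import_tasks`, while every task file added in this commit uses fully qualified module names such as `ansible.builtin.apt`; `ansible.builtin.import_tasks` would keep the naming consistent. `tasks/debian-general/upgrade.yml` is imported twice with no explanation. If the second run is meant to pick up packages from the newly added PowerDNS repository, a comment such as `# upgrade again now that the PowerDNS repository is configured` above that line would record the intent.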
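Review bot: In tasks/debian-general/gnupg2.yml, `update_cache: yes` uses the YAML 1.1 truthy form while the playbook writes `become: true`; `update_cache: true` would be consistent and lint-clean. `cache_valid_time: 0` is the module default, so the line can be dropped without changing behaviour. The same two lines appear in tasks/powerdns-bullseye/powerdns-authoritative.yml. There, `state: latest` also means any run of the play can upgrade the DNS server package, which is worth a comment if it is intended.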
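Review bot: In tasks/powerdns-bullseye/gpg-key.yml the downloaded key is dearmored into `/etc/apt/trusted.gpg.d/` with no integrity check, so its authenticity rests on TLS to repo.powerdns.com alone and the key becomes trusted for every configured apt source. Because `get_url` leaves an existing `dest` untouched when `force` is false (the default), a file already present at the world-writable path `/tmp/pdns.asc` would be dearmored as-is. Adding `checksum: sha256:<EXPECTED_SHA256_OF_KEY_FILE>` to the get_url task pins the content and makes the module replace a mismatching file. Writing the keyring to a dedicated path outside `trusted.gpg.d` and referencing it with `signed-by=` in the sources entry would limit the key to the PowerDNS repository.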
diff --git a/tasks/powerdns-bullseye/powerdns-authoritative.yml b/tasks/powerdns-bullseye/powerdns-authoritative.yml
new file mode 100644
index 0000000..69045e7
--- /dev/null
+++ b/tasks/powerdns-bullseye/powerdns-authoritative.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure PowerDNS authoritative server is installed and updated
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 0
+ name: pdns-server
+ state: latest
diff --git a/tasks/powerdns-bullseye/repositories-authoritative.yml b/tasks/powerdns-bullseye/repositories-authoritative.yml
new file mode 100644
index 0000000..9210a8a
--- /dev/null
+++ b/tasks/powerdns-bullseye/repositories-authoritative.yml
@@ -0,0 +1,13 @@
+---
+- name: Ensure PowerDNS repositories are set up correctly
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list.d/pdns.list
+ content: |
+ deb [arch=amd64] http://repo.powerdns.com/debian bullseye-auth-46 main
+- name: Ensure PowerDNS repository preferences are set up correctly
+ ansible.builtin.copy:
+ dest: /etc/apt/preferences.d/pdns
+ content: |
+ Package: pdns-*
+ Pin: origin repo.powerdns.com
+ Pin-Priority: 600
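Review bot: In tasks/powerdns-bullseye/repositories-authoritative.yml the `deb` line written to pdns.list uses plain `http://` and has no `signed-by=` option, so this source accepts a signature from any key in apt's global trust store and repository traffic is unencrypted. apt's signature verification still covers package integrity, but binding the source to the single PowerDNS keyring narrows what any other trusted key can vouch for. Consider `deb [arch=amd64 signed-by=<PATH_TO_PDNS_KEYRING>] https://repo.powerdns.com/debian bullseye-auth-46 main`. The key download task already reaches this host over https, though https availability for the package tree should be confirmed. Both copy tasks also leave `mode` unset; `mode: "0644"` would make the resulting permissions explicit.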