diff --git a/api/app.py b/api/app.py
index 6f59d75..fbc7618 100644
--- a/api/app.py
+++ b/api/app.py
@@ -414,13 +414,11 @@ def _bootstrap_dns():
             if effective_domain and effective_domain != domain:
                 import ip_utils
                 caddy_ip = ip_utils.get_service_ips(ip_range).get('caddy', '172.20.0.2')
+                # update_split_horizon_zone writes both the zone file and the Corefile
+                # (with the split-horizon block included). No separate apply_all_dns_rules
+                # call needed — that would overwrite the Corefile and drop the split-horizon block.
                 network_manager.update_split_horizon_zone(
                     effective_domain, caddy_ip, primary_domain=domain)
-        # Regenerate the Corefile so any new zone blocks or reload options take
-        # effect immediately without waiting for the next peer modification.
-        firewall_manager.apply_all_dns_rules(
-            peer_registry.list_peers(), COREFILE_PATH, domain,
-            cell_links=cell_link_manager.list_connections())
     except Exception as e:
         logger.warning(f"DNS bootstrap failed (non-fatal): {e}")