diff --git a/api/app.py b/api/app.py index 0c49e38..6f59d75 100644 --- a/api/app.py +++ b/api/app.py @@ -416,6 +416,11 @@ def _bootstrap_dns(): caddy_ip = ip_utils.get_service_ips(ip_range).get('caddy', '172.20.0.2') network_manager.update_split_horizon_zone( effective_domain, caddy_ip, primary_domain=domain) + # Regenerate the Corefile so any new zone blocks or reload options take + # effect immediately without waiting for the next peer modification. + firewall_manager.apply_all_dns_rules( + peer_registry.list_peers(), COREFILE_PATH, domain, + cell_links=cell_link_manager.list_connections()) except Exception as e: logger.warning(f"DNS bootstrap failed (non-fatal): {e}") diff --git a/api/firewall_manager.py b/api/firewall_manager.py index f315402..c4aa9ad 100644 --- a/api/firewall_manager.py +++ b/api/firewall_manager.py @@ -739,7 +739,7 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE acl_block = _build_acl_block(blocked, domain) - primary_zone_block = f'{domain} {{\n file /data/{domain}.zone\n log\n' + primary_zone_block = f'{domain} {{\n file /data/{domain}.zone reload 30s\n log\n' if acl_block: primary_zone_block += acl_block + '\n' primary_zone_block += '}\n' @@ -760,7 +760,7 @@ def generate_corefile(peers: List[Dict[str, Any]], corefile_path: str = COREFILE for sz in split_horizon_zones: corefile += ( f'\n{sz} {{\n' - f' file /data/{sz}.zone\n' + f' file /data/{sz}.zone reload 30s\n' f' log\n' f'}}\n' ) diff --git a/api/network_manager.py b/api/network_manager.py index 8a6d7df..d9324a5 100644 --- a/api/network_manager.py +++ b/api/network_manager.py 
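Review bot: In _bootstrap_dns (api/app.py) the new `firewall_manager.apply_all_dns_rules(...)` call shares the existing `try`, so a failure in it is reported only as the generic `DNS bootstrap failed (non-fatal)` warning, and the call is skipped entirely if `update_split_horizon_zone` raises first; whatever it returns is also ignored. generate_corefile in this same diff writes the ACL block for blocked peers into the Corefile, so a swallowed failure here presumably leaves peer DNS restrictions stale after startup. I would give the call its own `try` and report it with `logger.error(f"Corefile regeneration failed during DNS bootstrap: {e}")`. _bootstrap_dns starts outside the hunk.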
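Review bot: In generate_corefile (api/firewall_manager.py), `file /data/{domain}.zone reload 30s` puts `reload 30s` on the `file` directive line, where the CoreDNS file plugin reads trailing arguments as zone names; `reload` is a block option, so as far as I can tell this makes the plugin authoritative for `reload.` and `30s.` instead of the server block's zone. The line should become `file /data/{domain}.zone {{\n reload 30s\n }}\n` inside the f-string, and the split-horizon loop in the second hunk of this file needs the same change for `{sz}`. The file plugin also re-reads a zone only when its SOA serial changes, so update_split_horizon_zone has to bump the serial for the interval to matter; that code is outside this diff. generate_corefile starts and ends outside both hunks.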
@@ -453,10 +453,10 @@ class NetworkManager(BaseServiceManager): return {'running': False, 'stats': {}} def _reload_dns_service(self): - """Reload DNS service""" + """Send SIGUSR1 to CoreDNS so the reload plugin picks up zone file changes.""" try: - subprocess.run(['docker', 'exec', 'cell-dns', 'kill', '-HUP', '1'], - capture_output=True, timeout=10) + subprocess.run(['docker', 'kill', '--signal=SIGUSR1', 'cell-dns'], + capture_output=True, timeout=10) except Exception as e: logger.error(f"Failed to reload DNS service: {e}")
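Review bot: The exit status of `docker kill` is never examined in _reload_dns_service: `subprocess.run` is called without `check=True` and its result is discarded, so a stopped or misnamed `cell-dns` container yields a non-zero exit that never reaches the `except`, and nothing is logged. Keep the result and report it, e.g. `result = subprocess.run([...], capture_output=True, text=True, timeout=10)` followed by `if result.returncode != 0: logger.error(f"DNS reload signal failed: {result.stderr.strip()}")`. The new docstring also looks imprecise: as far as I know SIGUSR1 makes CoreDNS reload its Corefile, while zone file changes are picked up by the file plugin's own reload interval, so I would word it as `"""Send SIGUSR1 to the cell-dns container so CoreDNS reloads its Corefile."""`.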