diff --git a/README.md b/README.md
index 863cc29..1d50f2e 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,12 @@ I need it for my servers
 
 ## How?
 
+You need `jnv.debian-backports` as prerequisite role:
+
+```
+$ ansible-galaxy install jnv.debian-backports
+```
+
 Configure appropriately your inventory to include one **main zone** and pointing
 out the primary (_star_) and the secondaries (_satellite_). An example [variable
 file][1] looks like this
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..a94d358
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: jnv.debian-backports
diff --git a/tasks/nsd.yml b/tasks/nsd.yml
index 1bac46c..eb41239 100644
--- a/tasks/nsd.yml
+++ b/tasks/nsd.yml
@@ -9,22 +9,29 @@
     mode: 0600
   register: testing_sources
 
-- name: Ensure only nsd is taken from testing
+- name: Ensure nsd is taken from testing
   copy:
     content: |
       Package: nsd
       Pin: release a=testing
       Pin-Priority: 999
-
-      Package: *
-      Pin: release a=stable
-      Pin-Priority: 700
     dest: /etc/apt/preferences.d/10-nsd-related
     owner: root
     group: root
     mode: 0600
   register: repo_config
 
+- name: Ensure only nsd is taken from testing
+  copy:
+    content: |
+      Package: *
+      Pin: release a=stable
+      Pin-Priority: 700
+    dest: /etc/apt/preferences.d/99-all-the-rest-from-stable
+    owner: root
+    group: root
+    mode: 0600
+
 - name: Ensure repo are up-to-date
   apt:
     update_cache: yes
diff --git a/tasks/unbound.yml b/tasks/unbound.yml
index baf3638..08d0729 100644
--- a/tasks/unbound.yml
+++ b/tasks/unbound.yml
@@ -3,6 +3,24 @@
   apt:
     name: unbound
     state: present
+    default_release: "{{ ansible_distribution_release }}-backports"
+
+- name: Ensure only unbound is taken from testing
+  copy:
+    content: |
+      Package: nsd
+      Pin: release a={{ ansible_distribution_release }}-backports
+      Pin-Priority: 998
+    dest: /etc/apt/preferences.d/20-unbound-related
+    owner: root
+    group: root
+    mode: 0600
+  register: repo_config_unbound
+
+- name: Ensure repo are up-to-date
+  apt:
+    update_cache: yes
+  when: repo_config_unbound.changed
 
 - fail:
     msg: "Required nsd_addr is missing"