diff --git a/ex/fks/serve.go b/ex/fks/serve.go
index f4b432a0..27087930 100644
--- a/ex/fks/serve.go
+++ b/ex/fks/serve.go
@@ -23,8 +23,7 @@ func serve(w dns.ResponseWriter, req *dns.Msg, z *dns.Zone) {
 
 	}
 
-	// For now:
-	// look up name -> yes, continue, no -> nxdomain
+	// If we don't have the name return NXDOMAIN
 	node := z.Find(req.Question[0].Name)
 	if node == nil {
 		m := new(dns.Msg)
@@ -34,21 +33,29 @@ func serve(w dns.ResponseWriter, req *dns.Msg, z *dns.Zone) {
 	}
 	apex := z.Find(z.Origin)
 
-	// Name found, look for type, yes, answer, no 
+	// Check if we have the type
 	if rrs, ok := node.RR[req.Question[0].Qtype]; ok {
-		// Need to look at class to but... no
 		m := new(dns.Msg)
 		m.SetReply(req)
 		m.MsgHdr.Authoritative = true
 		m.Answer = rrs
-		// auth section
-		m.Ns = apex.RR[dns.TypeNS]
+		m.Ns = apex.RR[dns.TypeNS] // Add auth section
 		w.Write(m)
 		return
 	} else {
-		// nodate reply
-		// soa in auth section
-		m := new(dns.Msg)
+		// We don't have the type, check if we have non-auth ns servers, if so
+		// we need to return a referral
+		if nss, ok := node.RR[dns.TypeNS]; ok && node.NonAuth {
+			log.Printf("Also Referral!!")
+			m := new(dns.Msg)
+			m.SetReply(req)
+			m.Ns = nss
+			// lookup the a records for additional, only when
+			// in baliwick
+			w.Write(m)
+
+		}
+		m := new(dns.Msg) // Nodata reply
 		m.SetReply(req)
 		m.Ns = apex.RR[dns.TypeSOA]
 		w.Write(m)