diff --git a/package.json b/package.json
index 62d82da3def771bb5ac45baea2041fd2effbeef4..0bee54fa56f9a4224fd2546686af2df9308b321a 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
         "winston": "0.5.6"
     },
     "devDependencies": {
+        "xml2json": "0.2.4",
         "vows": "0.5.13",
         "aws-lib": "0.0.5"
     },
diff --git a/scripts/deploy.js b/scripts/deploy.js
index 033050db68ae9f467f7e7ac59a2c4488a76bab62..959c54b153a1e881cdfd8e40e263d710498ccf8a 100755
--- a/scripts/deploy.js
+++ b/scripts/deploy.js
@@ -6,7 +6,8 @@ path = require('path');
 vm = require('./deploy/vm.js'),
 key = require('./deploy/key.js'),
 ssh = require('./deploy/ssh.js'),
-git = require('./deploy/git.js');
+git = require('./deploy/git.js'),
+dns = require('./deploy/dns.js');
 
 var verbs = {};
 
@@ -63,6 +64,12 @@ verbs['deploy'] = function(args) {
   });
 };
 
+verbs['test'] = function(args) {
+  dns.addRecord('foo', "1.2.3.4", function(err, r) {
+    console.log(err, r);
+  });
+};
+
 verbs['list'] = function(args) {
   vm.list(function(err, r) {
     checkErr(err);
diff --git a/scripts/deploy/dns.js b/scripts/deploy/dns.js
new file mode 100644
index 0000000000000000000000000000000000000000..2d0aba97d2833c10a34ecef2f10004038b3f4f99
--- /dev/null
+++ b/scripts/deploy/dns.js
@@ -0,0 +1,60 @@
+const
+http = require('http'),
+xml2json = require('xml2json'),
+jsel = require('JSONSelect');
+
+const envVar = 'BROWSERID_DEPLOY_DNS_KEY';
+if (!process.env[envVar]) {
+  throw "Missing api key!  contact lloyd and set the key in your env: "
+    + envVar;
+}
+
+const api_key = process.env[envVar];
+
+function doRequest(method, path, body, cb) {
+  var req = http.request({
+    auth: 'lloyd@hilaiel.com:' + api_key,
+    host: 'ns.zerigo.com',
+    port: 80,
+    path: path,
+    method: method,
+    headers: {
+      'Content-Type': 'application/xml',
+      'Content-Length': body ? body.length : 0 
+    }
+  }, function(r) {
+    console.log(r.headers);
+//    if (r.statusCode != 200) return cb("non 200 status: " + r.statusCode);
+    buf = "";
+    r.on('data', function(chunk) {
+      buf += chunk;
+    });
+    r.on('end', function() {
+      console.log(buf);
+      cb(null, JSON.parse(xml2json.toJson(buf)));
+    });
+  });
+  if (body) req.write(body);
+  req.end();
+};
+
+exports.addRecord = function (hostname, ip, cb) {
+  doRequest('GET', '/api/1.1/zones.xml', null, function(err, r) {
+    if (err) return cb(err);
+    var m = jsel.match('object:has(:root > .domain:val(?)) > .id .$t',
+                       [ 'hacksign.in' ], r);
+    if (m.length != 1) return cb("couldn't extract domain id from zerigo"); 
+    var path = '/api/1.1/hosts.xml?zone_id=' + m[0];
+    var body = '<host><data>' + ip + '</data><host-type>A</host-type>';
+    body += '<hostname>' + hostname + '.hacksign.in</hostname>'
+    body += '<priority type="integer" nil="true"/>';
+    body += '<ttl type="integer" nil="true"/></host>';
+    console.log(xml2json.toJson(body));
+    doRequest('POST', '/api/1.1/zones.xml', body, function(err, r) {
+      console.log(err, JSON.stringify(r, null, 2));
+    });
+  });
+};
+
+
+