diff --git a/deploy/cert-manager-webhook-ns1/Chart.yaml b/deploy/cert-manager-webhook-ns1/Chart.yaml
index 7921146..842a83a 100644
--- a/deploy/cert-manager-webhook-ns1/Chart.yaml
+++ b/deploy/cert-manager-webhook-ns1/Chart.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "v0.1.0"
 description: NS1 Webhook for Cert Manager
 name: cert-manager-webhook-ns1
-version: 0.4.2
+version: 0.4.3
diff --git a/deploy/cert-manager-webhook-ns1/templates/deployment.yaml b/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
index d3cd733..cfb5f5f 100644
--- a/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
+++ b/deploy/cert-manager-webhook-ns1/templates/deployment.yaml
@@ -34,6 +34,10 @@ spec:
 env:
 - name: GROUP_NAME
 value: {{ .Values.groupName | quote }}
+ {{- if .Values.nameservers }}
+ - name: NAMESERVERS
+ value: {{ join "," .Values.nameservers }}
+ {{- end }}
 ports:
 - name: https
 containerPort: {{ .Values.containerPort }}
diff --git a/deploy/cert-manager-webhook-ns1/values.yaml b/deploy/cert-manager-webhook-ns1/values.yaml
index e55d23b..7512314 100644
--- a/deploy/cert-manager-webhook-ns1/values.yaml
+++ b/deploy/cert-manager-webhook-ns1/values.yaml
@@ -6,6 +6,13 @@
 # Users should not generally need to edit the groupName.
 groupName: acme.nsone.net
 
+# Nameservers is used to force the webhook to use specific name servers.
+# This is useful when you have a split DNS service that might return
+# SOA records internally that don't exist in NSOne.
+nameservers:
+ #- 8.8.8.8:53
+ #- 1.1.1.1:53
+
 certManager:
 namespace: cert-manager
 serviceAccountName: cert-manager
diff --git a/main.go b/main.go
index 61c6d54..c15af02 100644
--- a/main.go
+++ b/main.go
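Review bot: The added `value: {{ join "," .Values.nameservers }}` line in deployment.yaml renders the joined list unquoted, unlike GROUP_NAME two lines above, so whatever the operator puts in the list is emitted into the manifest as a bare YAML scalar rather than as a string. Quoting keeps the two env entries consistent and guarantees the rendered value is a string regardless of entry contents: `value: {{ join "," .Values.nameservers | quote }}`. The enclosing container spec starts and ends outside the hunk.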
@@ -24,12 +24,19 @@ import (
 )
 
 var groupName = os.Getenv("GROUP_NAME")
+var nameservers []string
 
 func main() {
 if groupName == "" {
 panic("GROUP_NAME must be specified")
 }
 
+ if os.Getenv("NAMESERVERS") != "" {
+ nameservers = strings.Split(os.Getenv("NAMESERVERS"), ",")
+ } else {
+ nameservers = util.RecursiveNameservers
+ }
+
 // This will register our NS1 DNS provider with the webhook serving
 // library, making it available as an API under the provided groupName.
 cmd.RunWebhookServer(groupName,
@@ -98,7 +105,7 @@ func (c *ns1DNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error {
 
 _, err = c.ns1Client.Records.Create(record)
 if err != nil {
- if err != ns1API.ErrRecordExists {
+ if err != ns1API.ErrRecordExists {
 return err
 }
 }
@@ -227,13 +234,13 @@ func (c *ns1DNSProviderSolver) parseChallenge(ch *v1alpha1.ChallengeRequest) (
 ) {
 
 if zone, err = util.FindZoneByFqdn(
- ch.ResolvedFQDN, util.RecursiveNameservers,
+ ch.ResolvedFQDN, nameservers,
 ); err != nil {
 return "", "", err
 }
 zone = util.UnFqdn(zone)
 
- if idx := strings.Index(ch.ResolvedFQDN, "." + ch.ResolvedZone); idx != -1 {
+ if idx := strings.Index(ch.ResolvedFQDN, "."+ch.ResolvedZone); idx != -1 {
 domain = ch.ResolvedFQDN[:idx]
 } else {
 domain = util.UnFqdn(ch.ResolvedFQDN)
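Review bot: The comma-split in the added NAMESERVERS block in main keeps every entry verbatim, so a value such as `8.8.8.8:53, 1.1.1.1:53` or one with a trailing comma produces an entry with a leading space or an empty string, and that only surfaces later when parseChallenge hands `nameservers` to util.FindZoneByFqdn (third hunk) rather than at startup where GROUP_NAME is already validated. Trimming each entry, dropping empties, and falling back to util.RecursiveNameservers only when nothing usable remains keeps a misconfiguration visible at the point it is made; checking host:port form with net.SplitHostPort would be worth adding too, but needs an import that lives outside this hunk. The environment variable is also read twice; binding it once avoids that. main's body continues past the hunk.
```go
	// … unchanged: GROUP_NAME check …
	if raw := os.Getenv("NAMESERVERS"); raw != "" {
		for _, ns := range strings.Split(raw, ",") {
			if ns = strings.TrimSpace(ns); ns != "" {
				nameservers = append(nameservers, ns)
			}
		}
	}
	if len(nameservers) == 0 {
		nameservers = util.RecursiveNameservers
	}
	// … unchanged: cmd.RunWebhookServer call …
```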