diff --git a/core/core.go b/core/core.go index ff48e05a..7b3b4532 100644 --- a/core/core.go +++ b/core/core.go @@ -3,14 +3,28 @@ package core import ( "fmt" + "github.com/safing/portbase/modules/subsystems" + "github.com/safing/portbase/modules" ) +var ( + module *modules.Module +) + func init() { - modules.Register("core", nil, startCore, nil, "database", "config", "api", "random") + module = modules.Register("core", nil, start, nil, "database", "config", "api", "random", "notifications", "subsystems", "ui", "updates", "status") + subsystems.Register( + "core", + "Core", + "Base Structure and System Integration", + module, + "config:core/", + nil, + ) } -func startCore() error { +func start() error { if err := startPlatformSpecific(); err != nil { return fmt.Errorf("failed to start plattform-specific components: %s", err) } diff --git a/core/global.go b/core/global.go index 776305d4..13c6cfa9 100644 --- a/core/global.go +++ b/core/global.go @@ -4,6 +4,8 @@ import ( "errors" "flag" + "github.com/safing/portbase/modules/subsystems" + "github.com/safing/portbase/api" "github.com/safing/portbase/dataroot" "github.com/safing/portbase/modules" @@ -56,5 +58,8 @@ func globalPrep() error { // set notification persistence notifications.SetPersistenceBasePath("core:notifications") + // set subsystem status dir + subsystems.SetDatabaseKeySpace("core:status/subsystems") + return nil } diff --git a/intel/geoip/module.go b/intel/geoip/module.go index 1161929b..94827e6a 100644 --- a/intel/geoip/module.go +++ b/intel/geoip/module.go @@ -11,7 +11,7 @@ var ( ) func init() { - module = modules.Register("geoip", prep, nil, nil, "updates") + module = modules.Register("geoip", prep, nil, nil, "core") } func prep() error { diff --git a/intel/module.go b/intel/module.go new file mode 100644 index 00000000..99169de3 --- /dev/null +++ b/intel/module.go 
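Review bot: The dependency list passed to `modules.Register("core", ...)` in `init` now also names `notifications`, `subsystems`, `ui`, `updates` and `status`, and nothing next to the call says why. The `status`, `ui` and `updates` hunks in this commit drop their own `"core"` dependency, which suggests core has become the aggregate that pulls those modules in. If so, a later change that re-adds `"core"` to one of them would presumably create a dependency cycle. I would add a comment above the call, e.g. `// core aggregates the base modules; status, ui and updates must not depend on core.`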
@@ -0,0 +1,9 @@ +package intel + +import ( + "github.com/safing/portbase/modules" +) + +func init() { + modules.Register("intel", nil, nil, nil, "geoip") +} diff --git a/main.go b/main.go index 3bb1b903..b569ebeb 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "github.com/safing/portbase/run" // include packages here + _ "github.com/safing/portbase/modules/subsystems" _ "github.com/safing/portmaster/core" _ "github.com/safing/portmaster/firewall" _ "github.com/safing/portmaster/nameserver" @@ -14,13 +15,6 @@ import ( ) func main() { - /*go func() { - time.Sleep(10 * time.Second) - fmt.Fprintln(os.Stderr, "===== TAKING TOO LONG FOR SHUTDOWN - PRINTING STACK TRACES =====") - _ = pprof.Lookup("goroutine").WriteTo(os.Stderr, 2) - os.Exit(1) - }()*/ - info.Set("Portmaster", "0.3.9", "AGPLv3", true) os.Exit(run.Run()) } diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go index e3563657..ba7c6577 100644 --- a/nameserver/nameserver.go +++ b/nameserver/nameserver.go @@ -5,18 +5,18 @@ import ( "net" "strings" - "github.com/safing/portmaster/network/environment" - - "github.com/miekg/dns" + "github.com/safing/portbase/modules/subsystems" "github.com/safing/portbase/log" "github.com/safing/portbase/modules" - "github.com/safing/portmaster/detection/dga" "github.com/safing/portmaster/firewall" - "github.com/safing/portmaster/intel" "github.com/safing/portmaster/network" + "github.com/safing/portmaster/network/environment" "github.com/safing/portmaster/network/netutils" + "github.com/safing/portmaster/resolver" + + "github.com/miekg/dns" ) var ( 
@@ -30,10 +30,18 @@ var ( ) func init() { - module = modules.Register("nameserver", initLocalhostRRs, start, stop, "core", "intel", "network") + module = modules.Register("nameserver", prep, start, stop, "core", "resolver", "network") + subsystems.Register( + "dns", + "Secure DNS", + "DNS resolver with scoping and DNS-over-TLS", + module, + "config:dns/", + nil, + ) } -func initLocalhostRRs() error { +func prep() error { localhostIPv4, err := dns.NewRR("localhost. 17 IN A 127.0.0.1") if err != nil { return err @@ -45,6 +53,7 @@ func initLocalhostRRs() error { } localhostRRs = []dns.RR{localhostIPv4, localhostIPv6} + return nil } @@ -56,7 +65,7 @@ func start() error { err := dnsServer.ListenAndServe() if err != nil { // check if we are shutting down - if module.ShutdownInProgress() { + if module.IsStopping() { return nil } // is something blocking our port? @@ -108,7 +117,7 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er // only process first question, that's how everyone does it. question := query.Question[0] - q := &intel.Query{ + q := &resolver.Query{ FQDN: question.Name, QType: dns.Type(question.Qtype), } @@ -176,7 +185,7 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er }() // save security level to query - q.SecurityLevel = comm.Process().ProfileSet().SecurityLevel() + q.SecurityLevel = comm.Process().Profile().SecurityLevel() // check for possible DNS tunneling / data transmission // TODO: improve this @@ -189,7 +198,7 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er } // check profile before we even get intel and rr - firewall.DecideOnCommunicationBeforeIntel(comm, q.FQDN) + firewall.DecideOnCommunicationBeforeDNS(comm) comm.Lock() comm.SaveWhenFinished() comm.Unlock() 
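Review bot: `firewall.DecideOnCommunicationBeforeDNS(comm)` no longer receives `q.FQDN`, and the later hunk at `@@ -209,31 +218,6 @@` removes the `DecideOnCommunicationAfterIntel` call together with the verdict switch that answered NXDOMAIN for undecided, blocked or dropped communications. After this change the only policy gates visible in `handleRequest` are this call and `firewall.FilterDNSResponse`, so the domain-based decision presumably has to come from state already held on `comm`. That is not visible here and is worth pinning with a test that a blocked domain still gets NXDOMAIN before `resolver.Resolve` runs. The comment above the call is now stale; I would change it to `// check profile before we resolve the query`. `handleRequest` starts and ends outside this hunk.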
@@ -200,8 +209,8 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er return nil } - // get intel and RRs - rrCache, err := intel.Resolve(ctx, q) + // resolve + rrCache, err := resolver.Resolve(ctx, q) if err != nil { // TODO: analyze nxdomain requests, malware could be trying DGA-domains tracer.Warningf("nameserver: %s requested %s%s: %s", comm.Process(), q.FQDN, q.QType, err) @@ -209,31 +218,6 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er return nil } - // get current intel - comm.Lock() - domainIntel := comm.Intel - comm.Unlock() - if domainIntel == nil { - // fetch intel - domainIntel, err = intel.GetIntel(ctx, q) - if err != nil { - tracer.Warningf("nameserver: failed to get intel for %s%s: %s", q.FQDN, q.QType, err) - returnNXDomain(w, query) - } - comm.Lock() - comm.Intel = domainIntel - comm.Unlock() - } - - // check with intel - firewall.DecideOnCommunicationAfterIntel(comm, q.FQDN, rrCache) - switch comm.GetVerdict() { - case network.VerdictUndecided, network.VerdictBlock, network.VerdictDrop: - tracer.Infof("nameserver: %s denied after intel, returning nxdomain", comm) - returnNXDomain(w, query) - return nil - } - // filter DNS response rrCache = firewall.FilterDNSResponse(comm, q, rrCache) if rrCache == nil { @@ -246,9 +230,9 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er for _, rr := range append(rrCache.Answer, rrCache.Extra...) { switch v := rr.(type) { case *dns.A: - ipInfo, err := intel.GetIPInfo(v.A.String()) + ipInfo, err := resolver.GetIPInfo(v.A.String()) if err != nil { - ipInfo = &intel.IPInfo{ + ipInfo = &resolver.IPInfo{ IP: v.A.String(), Domains: []string{q.FQDN}, } 
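Review bot: In the `*dns.A` case every error from `resolver.GetIPInfo` is treated as "no record yet" and answered with a fresh `resolver.IPInfo` that lists only `q.FQDN`; the `*dns.AAAA` case in the `@@ -260,9 +244,9 @@` hunk does the same. If the lookup can fail for a reason other than a missing entry, and the new record is saved further down (outside the hunk), the domains already recorded for that IP would be lost, which matters if later connection attribution relies on that mapping. I would build the fresh record only for the not-found case, and on any other error log it at warning level and skip the update for that address. The two cases differ only in `v.A` versus `v.AAAA`, so a small helper taking the IP string and `q.FQDN` would keep that handling in one place.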
@@ -260,9 +244,9 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, query *dns.Msg) er } } case *dns.AAAA: - ipInfo, err := intel.GetIPInfo(v.AAAA.String()) + ipInfo, err := resolver.GetIPInfo(v.AAAA.String()) if err != nil { - ipInfo = &intel.IPInfo{ + ipInfo = &resolver.IPInfo{ IP: v.AAAA.String(), Domains: []string{q.FQDN}, } diff --git a/process/module.go b/process/module.go new file mode 100644 index 00000000..bfed029e --- /dev/null +++ b/process/module.go @@ -0,0 +1,17 @@ +package process + +import ( + "github.com/safing/portbase/modules" +) + +var ( + module *modules.Module +) + +func init() { + module = modules.Register("processes", prep, nil, nil, "profiles") +} + +func prep() error { + return registerConfiguration() +} diff --git a/status/module.go b/status/module.go index ca788701..f7ac9231 100644 --- a/status/module.go +++ b/status/module.go @@ -10,7 +10,7 @@ import ( ) func init() { - modules.Register("status", nil, start, stop, "core") + modules.Register("status", nil, start, stop, "config", "database") } func start() error { diff --git a/ui/module.go b/ui/module.go index 3971ae43..75a127a2 100644 --- a/ui/module.go +++ b/ui/module.go @@ -5,7 +5,7 @@ import ( ) func init() { - modules.Register("ui", prep, nil, nil, "core", "updates") + modules.Register("ui", prep, nil, nil, "api", "updates") } func prep() error { diff --git a/updates/main.go b/updates/main.go index 38f7ad9d..e7a550a7 100644 --- a/updates/main.go +++ b/updates/main.go @@ -29,7 +29,7 @@ var ( ) func init() { - module = modules.Register("updates", registerConfig, start, stop, "core") + module = modules.Register("updates", registerConfig, start, stop, "config", "database") module.RegisterEvent(eventVersionUpdate) module.RegisterEvent(eventResourceUpdate) }