Is it possible to allow zone updates only to those clients that access the server over the loopback interface and supply a specific TSIG key (looking for a setup similar to the default rndc configuration)? Will the following do the thing? allow-update { !{ !localhost; }; tsigkey; }; Thank you, Vasiliy