diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2
index 12b3dce4..780d0e50 100644
--- a/roles/bind-authoritative/templates/bind/named.conf.local.j2
+++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2
@@ -31,6 +31,9 @@ zone "_acme-challenge.crans.org" {
 	{% endfor -%}
 	};
 	notify yes;
+	update-policy {
+		grant certbot_challenge. name _acme-challenge.crans.org txt;
+	};
 	{% else -%}
 	type slave;
 	masters {
@@ -44,10 +47,7 @@ zone "_acme-challenge.crans.org" {
 	allow-transfer { "none"; };
 	notify no;
 	{% endif -%}
-	file "bak.{{ zone }}";
-	update-policy {
-		grant certbot_challenge. name _acme-challenge.crans.org txt;
-	};
+	file "bak._acme-challenge.crans.org";
 };
 
 // Crans zones