diff --git a/network.yml b/network.yml
index de78097f..c1fb6c8b 100644
--- a/network.yml
+++ b/network.yml
@@ -22,6 +22,14 @@
 # Deplay authoritative DNS server
 - hosts: sputnik.adm.crans.org
+ vars:
+ bind:
+ master: false
+ master_ip: 10.231.136.118
+ zones:
+ - crans.org
+ - crans.eu
+ - crans.fr
 roles:
 - bind-authoritative
diff --git a/roles/bind-authoritative/tasks/main.yml b/roles/bind-authoritative/tasks/main.yml
index 0c962a8b..37199cec 100644
--- a/roles/bind-authoritative/tasks/main.yml
+++ b/roles/bind-authoritative/tasks/main.yml
@@ -6,3 +6,16 @@
 register: apt_result
 retries: 3
 until: apt_result is succeeded
+
+- name: Deploy Bind9 configuration
+ template:
+ src: bind/named.conf.local
+ dest: /etc/bind/named.conf.local
+ mode: 0644
+ owner: root
+ group: bind
+
+- name: Reload Bind9
+ systemd:
+ name: bind9
+ state: reloaded
diff --git a/roles/bind-authoritative/templates/bind/named.conf.local b/roles/bind-authoritative/templates/bind/named.conf.local
new file mode 100644
index 00000000..d1ef11fe
--- /dev/null
+++ b/roles/bind-authoritative/templates/bind/named.conf.local
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+{% if not bind.master %}
+{% for zone in bind.zones %}
+zone "{{ zone }}" {
+ type slave;
+ masters { {{ bind.master_ipĀ }}; };
+ file "bak.{{ zone }}";
+ allow-transfer { "none"; };
+ notify no;
+};
+
+{% endfor %}
+{% endif %}
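Review bot: The `Reload Bind9` task added to roles/bind-authoritative/tasks/main.yml runs on every play, and the template task above it writes /etc/bind/named.conf.local without checking it, so a rendering mistake reaches the live authoritative server before anything validates it. I would add `validate: named-checkconf %s` and `notify: Reload Bind9` to the template task and move the reload into the role's handlers, so a file that does not parse is rejected and bind9 is reloaded only when the file actually changed. Quoting the mode as `mode: "0644"` also avoids depending on how the YAML loader reads a leading-zero integer.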
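Review bot: The `masters` line of the new named.conf.local template shows a non-ASCII character between `bind.master_ip` and the closing `}}`; if that character is really in the file (it may be a no-break space, or an artifact of how this page was captured), Jinja will not read the expression as the variable name, and the line should be `masters { {{ bind.master_ip }}; };`. Separately, the secondary accepts zone data from that address with no TSIG key, so transfers are authenticated by source IP alone. If the path to the master is not fully trusted, `masters { {{ bind.master_ip }} key "<TSIG_KEY_NAME>"; };` with a matching `key` statement, its secret kept out of the repository, would tie transfers to a shared secret. When `bind.master` is true the template renders only the header comment, so a short Jinja comment saying whether that is intended would help the next reader.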