diff --git a/roles/bind-authoritative/tasks/dnssec.yml b/roles/bind-authoritative/tasks/dnssec.yml new file mode 100644 index 00000000..f01f4353 --- /dev/null +++ b/roles/bind-authoritative/tasks/dnssec.yml @@ -0,0 +1,4 @@ +--- +- name: TODO + debug: + msg: "Hey some work is being done here!" diff --git a/roles/bind-authoritative/tasks/main.yml b/roles/bind-authoritative/tasks/main.yml index b7554dff..97e31127 100644 --- a/roles/bind-authoritative/tasks/main.yml +++ b/roles/bind-authoritative/tasks/main.yml @@ -7,6 +7,17 @@ retries: 3 until: apt_result is succeeded +- name: Lookup DNS servers + set_fact: + masters_ipv4: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}" + masters_ipv6: "{{ bind.masters | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}" + slaves_ipv4: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}" + slaves_ipv6: "{{ bind.slaves | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}" + +- name: Is this the master? + set_fact: + is_master: "{{ ansible_all_ipv4_addresses | intersect(masters_ipv4) | bool }}" + - name: Deploy Bind9 configuration template: src: bind/{{ item }}.j2 @@ -20,6 +31,9 @@ - named.conf.options notify: Reload Bind9 +- include: dnssec.yml + when: is_master + - name: Indicate role in motd template: src: update-motd.d/05-service.j2 diff --git a/roles/bind-authoritative/templates/bind/named.conf.local.j2 b/roles/bind-authoritative/templates/bind/named.conf.local.j2 index fb2b7c7c..71d37e45 100644 --- a/roles/bind-authoritative/templates/bind/named.conf.local.j2 +++ b/roles/bind-authoritative/templates/bind/named.conf.local.j2 
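Review bot: `is_master` in the "Is this the master?" task evaluates to false on every host, because `intersect` returns a list and Ansible's `bool` filter (`to_bool`) only maps boolean-like scalars such as `true`/`yes`/`1` to true and returns false for anything else, a non-empty list included; the removed template code tested the raw list, which was truthy when non-empty, so this refactor silently demotes the master: dnssec.yml is never included and the `certbot_challenge.` key block in named.conf.local.j2 is no longer rendered. Test the intersection's length instead: `is_master: "{{ (ansible_all_ipv4_addresses | intersect(masters_ipv4)) | length > 0 }}"`. The check also only considers IPv4, so a master reachable solely via its VLAN-2 IPv6 address would be classified as a slave; if `masters_ipv6` holds plain addresses, consider OR-ing in `ansible_all_ipv6_addresses | intersect(masters_ipv6) | length > 0`. The hunk opens inside the apt task, whose start is outside the hunk.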
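Review bot: `- include: dnssec.yml` uses the bare `include` form, deprecated since Ansible 2.4; prefer `- import_tasks: dnssec.yml` with `when: is_master` (or `include_tasks` if the file should be loaded dynamically), noting that with the static form the condition is pushed down onto every task in the file rather than evaluated once. The fail-safe direction of the conditional is right: if `is_master` is undefined the play errors instead of running master-only DNSSEC handling on a slave, so keep it as is rather than adding `| default(false)`. dnssec.yml itself is still a placeholder `debug` task in this commit.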
@@ -4,12 +4,6 @@ // organization //include "/etc/bind/zones.rfc1918"; -{%- set masters_ipv4 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %} -{%- set masters_ipv6 = bind.masters | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %} -{%- set slaves_ipv4 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv4[]") %} -{%- set slaves_ipv6 = bind.slaves | json_query("servers[].interface[?vlan_id==`2`].ipv6[][].ipv6") %} -{%- set is_master = ansible_all_ipv4_addresses | intersect(masters_ipv4) %} - {% if is_master -%} // Let's Encrypt Challenge DNS-01 key key "certbot_challenge." { diff --git a/roles/bind-authoritative/templates/update-motd.d/05-service.j2 b/roles/bind-authoritative/templates/update-motd.d/05-service.j2 index 14a3c3d2..39aab850 100755 --- a/roles/bind-authoritative/templates/update-motd.d/05-service.j2 +++ b/roles/bind-authoritative/templates/update-motd.d/05-service.j2 @@ -1,3 +1,7 @@ #!/usr/bin/tail +14 {{ ansible_header | comment }} -> Bind9 (autoritaire) a été déployé sur cette machine. Voir /etc/bind/. +{% if is_master %} +> Bind9 (autoritaire, maître) a été déployé sur cette machine. Voir /etc/bind/. +{% else %} +> Bind9 (autoritaire, esclave) a été déployé sur cette machine. Voir /etc/bind/. +{% endif %}
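Review bot: The template now depends on `is_master` (and, if the rest of the file still uses them, on the `masters_*`/`slaves_*` lists) being set by the "Lookup DNS servers" and "Is this the master?" tasks in tasks/main.yml, but nothing in the file says so, and rendering it with those tasks skipped (tags, `--start-at-task`) fails with an undefined-variable error. Add a Jinja comment where the `{% set %}` lines were removed, e.g. `{# is_master and the masters_*/slaves_* lists are set_fact'ed in tasks/main.yml ("Lookup DNS servers" / "Is this the master?"); do not render this template without those tasks #}`. Do not paper over it with `is_master | default(false)`: that would silently drop the `certbot_challenge.` TSIG key block on the master, which fails closed but leaves DNS-01 issuance broken with no error. The `{% if is_master -%}` block and the surrounding template continue past the end of the hunk.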