diff --git a/bind/files/debian/named.conf.local b/bind/files/debian/named.conf.local
index 53a4653..68e2b0b 100644
--- a/bind/files/debian/named.conf.local
+++ b/bind/files/debian/named.conf.local
@@ -18,6 +18,13 @@ zone "{{ key }}" {
   {% if args['allow-update'] is defined  -%}
   allow-update { {{args['allow-update']}}; };
   {%- endif %}
+  {%- if args.update_policy is defined %}
+  update-policy {
+  {%-   for policy in args.update_policy %}
+    {{ policy }};
+  {%- endfor %}
+  };    
+  {%- endif %}
   {% if args['type'] == "master" -%}
     {% if args['notify'] -%}
   notify yes;
diff --git a/pillar.example b/pillar.example
index 7be83c6..2d322db 100644
--- a/pillar.example
+++ b/pillar.example
@@ -38,6 +38,8 @@ bind:
         my.zone:
           type: master
           notify: False
+          update_policy:
+            - "grant core_dhcp name dns_entry_allowed_to_update. ANY"
 
 bind:
   available_zones: