diff --git a/manifests/init.pp b/manifests/init.pp
index c99cae1..3adff80 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -14,6 +14,11 @@ class bind (
 ensure => latest,
 }
+ file { $::bind::params::bind_files:
+ ensure => present,
+ require => Package[$bind_package],
+ }
+
 if $dnssec {
 file { '/usr/local/bin/dnssec-init':
 ensure => present,
@@ -53,9 +58,8 @@ class bind (
 require => Package[$bind::params::bind_package],
 }
- file { "${confdir}/keys":
- ensure => directory,
- mode => 0755,
+ class { 'bind::keydir':
+ keydir => "${confdir}/keys",
 require => Package[$bind::params::bind_package],
 }
diff --git a/manifests/key.pp b/manifests/key.pp
index bf0ee9b..812dd3d 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -5,18 +5,22 @@ define bind::key (
 $secret,
 $owner = 'root',
 $group = $bind::params::bind_group,
- path = "${::bind::confdir}/keys"
 ) {
- file { "${path}/${name}":
+ $keydir = $::bind::keydir::keydir
+
+ file { "${keydir}/${name}":
 ensure => present,
 owner => $owner,
 group => $group,
 mode => '0640',
 content => template('bind/key.conf.erb'),
- notify => Service[$bind::params::bind_service],
- require => Package[$bind::params::bind_package],
 }
+ if (defined(Class['bind'])) {
+ Package[$bind::params::bind_package] ->
+ File["${keydir}/${name}"] ~>
+ Service[$bind::params::bind_service]
+
 concat::fragment { "bind-key-${name}":
 order => '10',
 target => "${bind::confdir}/keys.conf",
diff --git a/manifests/keydir.pp b/manifests/keydir.pp
new file mode 100644
index 0000000..aa25edf
--- /dev/null
+++ b/manifests/keydir.pp
@@ -0,0 +1,10 @@
+# ex: syntax=puppet si ts=4 sw=4 et
+
+class bind::keydir (
+ $keydir = "${bind::params::confdir}/keys",
+) {
+ file { $keydir:
+ ensure => directory,
+ mode => 0755,
+ }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
index 04db6a7..6a056d3 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
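Review bot: In manifests/init.pp the new `file { $::bind::params::bind_files: ... }` resource requires `Package[$bind_package]`, an unqualified name, while the other resources visible in this file use `Package[$bind::params::bind_package]`. Unless class bind inherits bind::params (its header is outside the hunk), that name will not resolve here now that the resource has moved out of bind::params; use `require => Package[$bind::params::bind_package],`. The list also includes `rndc.key`, and `ensure => present` with no `owner`, `group` or `mode` leaves the permissions of that key file unmanaged, so consider setting them explicitly.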
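Review bot: The resource-style declaration `class { 'bind::keydir': ... }` added in the second hunk of manifests/init.pp is repeated in the new manifests/updater.pp, and a class can be declared that way only once per catalog. If bind and bind::updater are ever applied to the same node, compilation will fail with a duplicate declaration. One of the two should use `include bind::keydir` and rely on the class default for the path, or the two classes should be documented as mutually exclusive.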
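Review bot: `$keydir = $::bind::keydir::keydir` in manifests/key.pp has a value only if bind::keydir has already been evaluated when the define is processed; otherwise the lookup comes back empty and the key file rendered from `bind/key.conf.erb` is targeted at `/${name}`. The hunk also removes the unconditional `require`, so nothing orders the file after its directory when class bind is absent. Adding `require => Class['bind::keydir'],` to the `file` resource restores the ordering and makes the run fail when the class is missing instead of writing to the wrong path. The added `if (defined(Class['bind'])) {` is not closed inside the hunk and no later hunk for this file appears on the page, so the brace balance of the new file should be checked; `defined()` is also evaluation-order dependent, so the chaining may silently not apply.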
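Review bot: The new bind::keydir class in manifests/keydir.pp manages the directory with an unquoted `mode => 0755` and no `owner` or `group`, while bind::key in the same commit uses a quoted `'0640'` and explicit ownership. Quote the mode (`mode => '0755',`) so it is always handled as an octal string, and set `owner` and `group` on the directory so the location holding key files does not depend on whatever created it. The default `"${bind::params::confdir}/keys"` also reads bind::params without this class inheriting or including it, unlike bind::updater, so the default may come out empty depending on evaluation order.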
@@ -11,7 +11,9 @@ class bind::params {
 $bind_user = 'bind'
 $bind_group = 'bind'
- file { [
+ $nsupdate_package = 'dnsutils'
+
+ $bind_files = [
 "${confdir}/bind.keys",
 "${confdir}/db.empty",
 "${confdir}/db.local",
@@ -22,10 +24,7 @@ class bind::params {
 "${confdir}/named.conf.default-zones",
 "${confdir}/rndc.key",
 "${confdir}/zones.rfc1918",
- ]:
- ensure => present,
- require => Package[$bind_package],
- }
+ ]
 }
 default: {
 fail("Operating system is not supported ${::osfamily}")
diff --git a/manifests/updater.pp b/manifests/updater.pp
new file mode 100644
index 0000000..764e95e
--- /dev/null
+++ b/manifests/updater.pp
@@ -0,0 +1,15 @@
+# ex: syntax=puppet si ts=4 sw=4 et
+
+class bind::updater (
+ $nsupdate_package,
+ $keydir =
+) inherits bind::params {
+ package {'nsupdate':
+ name => $nsupdate_package,
+ ensure => present,
+ }
+
+ class { 'bind::keydir':
+ keydir => $keydir,
+ }
+}
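Review bot: In manifests/updater.pp the parameter line `$keydir =` has no value before the closing `)`, which will not parse as shown (the value may have been lost from the page). `$nsupdate_package` also has no default even though the class inherits bind::params, where this commit defines it. Suggested parameter list: `$nsupdate_package = $bind::params::nsupdate_package,` and `$keydir = "${bind::params::confdir}/keys",`. With those defaults the class can be declared without arguments and the key directory path stays explicit instead of being passed through empty.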