diff --git a/dns-functions.sh b/dns-functions.sh old mode 100644 new mode 100755 index fda1365..b0b59c5 --- a/dns-functions.sh +++ b/dns-functions.sh @@ -17,13 +17,16 @@ InsertZoneToIncludeFile() { { echo "zone \"""$1""\" {" echo " type master;" + [ -n "$4" ] && echo " dnssec-policy $4"";" echo " file \"""$2""\";" echo "};" } > "$3" else + [ -n "$4" ] && Extra=" dnssec-policy $4"";\n" || Extra="" + sed -i "1i\ zone \"""$1""\" {\n\ - type master;\n\ + type master;\n""$Extra\ file \"""$2""\";\n\ };" "$3" fi @@ -107,12 +110,11 @@ NormalizeZoneFileFormatting() { } GetOwnGlueRecords() { ServerName="$DNSSCRIPT_SERVER_NAME" - if [ -n "${ServerName##*$1}" ]; then - ServerName="$ServerName""$1" + if [ -z "${ServerName##*$2}" ]; then + ServerName="${ServerName%.$2}" + sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+\(.*\)$/'"$ServerName"'\tIN \2\t\3/p' "$3" | \ + NormalizeZoneFileFormatting fi - ServerName="$ServerName""." - sed -ne 's/^\s*'"$(GetServernameSEDEntry "$1")"'\s\+[Ii][Nn]\s\+\([Aa]\|[Aa]\{4\}\)\s\+\(.*\)$/'"$ServerName"'\tIN \2\t\3/p' "$2" | \ - NormalizeZoneFileFormatting } GetOwnHoods() { Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")" diff --git a/update-dns.sh b/update-dns.sh old mode 100644 new mode 100755 index 78d936d..4be7277 --- a/update-dns.sh +++ b/update-dns.sh 
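Review bot: The new optional `$4` is spliced into two different sinks that do not treat it alike: the `echo " dnssec-policy $4"";"` branch writes it literally, while `Extra=" dnssec-policy $4"";\n"` feeds it into the `sed -i "1i\ ..."` script, where a backslash or an embedded newline is interpreted as sed syntax and can break or alter the inserted zone block. Since a dnssec-policy name is an identifier, a fail-closed check at the top of the function keeps both branches consistent, e.g. `case "$4" in *[!A-Za-z0-9_.-]*) printf 'invalid dnssec-policy name\n' >&2; return 1;; esac` (adjust the class to the names you actually define). The function also gained a parameter without documentation; its header, which is outside this hunk, should state `# $4 (optional): dnssec-policy name to emit inside the zone block; empty emits none`.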
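Review bot: The new suffix test `[ -z "${ServerName##*$2}" ]` has no label boundary and uses `$2` unquoted as a glob pattern, so a server like `foohood.fff.community` passes for a hood `hood.fff.community`, and when `ServerName` equals `$2` exactly the following `${ServerName%.$2}` strips nothing and the sed writes the full name as a relative owner, which is read relative to the zone origin. Quoting the pattern and requiring the dot fixes the boundary, `if [ -z "${ServerName##*".$2"}" ]; then` and `ServerName="${ServerName%".$2"}"`; the apex case, if it can occur in your deployments, needs its own branch emitting `@`. `$ServerName` is still spliced into the sed replacement unescaped, as before, which holds only while `DNSSCRIPT_SERVER_NAME` is operator-controlled; a header comment stating that assumption would help the next reader.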
@@ -5,12 +5,15 @@ set -e # Communityconfig CommunityDomain="fff.community" +CommunityExternDomain="extern.fff.community" CommunitySubnets="10.50.0/16 10.83.0/16 fd43:5602:29bd::/48" RemoteLocation="https://git.freifunk-franken.de/freifunk-franken/dns/raw/branch/master/" +DNSSECPolicy="" +ServeMasterZone=0 # Serverconfig export DNSSCRIPT_CONTACT_EMAIL=info.freifunk-herpf.de. -# DNSSCRIPT_SERVER_NAME must be the server given in community zone files NS entry +# DNSSCRIPT_SERVER_NAME must be the server given in community zone files NS entry (Full Hostname, w/o trailing dot) export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community UpdateScriptsFolder="/usr/lib/ffdns/" ZoneFilesFolder="/etc/bind/fff/" @@ -33,7 +36,7 @@ ExternalView="external-view" TTLReReExMi="3600 2000 6400 2419200 86400" # ForwardZones: "/" ; optionaly multiple " ""/" no spaces in full filename -ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.""$CommunityDomain" +ForwardZones="$CommunityDomain""/""$ZoneFilesFolder""db.icvpn-internal-view.""$CommunityDomain" ############################################################# 
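Review bot: The new knobs `DNSSECPolicy=""` and `ServeMasterZone=0` are undocumented, unlike `DNSSCRIPT_SERVER_NAME` just below them, and their effect is only discoverable by reading the body of the script. Suggested comments: `# DNSSECPolicy: name of a dnssec-policy defined in named.conf, emitted into the generated forward-zone statements (reverse zones get none); empty disables it` and `# ServeMasterZone: 1 = also serve the community zone and its reverse zones; 0 = only own hoods`. `CommunityExternDomain` deserves a similar one-liner, since emptying it silently skips every extern zone statement.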
@@ -41,43 +44,58 @@ cd "$UpdateScriptsFolder" . ./dns-functions.sh -MasterFile="$ZoneFilesFolder""db.""$CommunityDomain" -BindInternalConfTmp="/tmp/""$CommunityDomain""-internal.conf" -BindExternalConfTmp="/tmp/""$CommunityDomain""-external.conf" +FirstInternal="$( echo "$InternalViews" | sed -ne 's/^\(\S\+\)\s.*$/\1/p')" +MasterFile="$ZoneFilesFolder""db.""$FirstInternal"".""$CommunityDomain" BindIcvpnAclTmp="/tmp/icvpn-acl.conf" -BindInternalConf="$BindIncludeFileFolder""$CommunityDomain""-internal.conf" -BindExternalConf="$BindIncludeFileFolder""$CommunityDomain""-external.conf" BindIcvpnAcl="$BindIncludeFileFolder""icvpn-acl.conf" +for IView in $InternalViews; do + rm -f "/tmp/""$IView"".conf" +done +rm -f "/tmp/""$ExternalView"".conf" + PreFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" curl -s -S -f "$RemoteLocation""db.""$CommunityDomain" --output "$MasterFile" -PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" -if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then - ReloadZone "$CommunityDomain" "$InternalViews" -fi - -rm -f "$BindInternalConfTmp" -rm -f "$BindExternalConfTmp" -InsertZoneToIncludeFile "$CommunityDomain" "$MasterFile" "$BindInternalConfTmp" -InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindInternalConfTmp" -InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp" -InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp" - -for Subnet in $CommunitySubnets; do - ReverseDomains="$(GetReverseDomains "$Subnet")" - for RDomain in $ReverseDomains; do - ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")" - ! 
curl -s -f "$RemoteLocation""static.""$ReverseZoneFile" \ - --output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \ - rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile" - ./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews" - InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp" +if [ $ServeMasterZone -ne 0 ]; then + PostFetchMasterSerial="$(GetZoneFileSerial "$MasterFile")" + if [ $((PostFetchMasterSerial)) -gt $((PreFetchMasterSerial)) ]; then + ReloadZone "$CommunityDomain" "$InternalViews" + fi + + for Subnet in $CommunitySubnets; do + ReverseDomains="$(GetReverseDomains "$Subnet")" + for RDomain in $ReverseDomains; do + ReverseZoneFile="$(GetReverseZoneFileFromZone "${RDomain%*.}")" + ! curl -s -f "$RemoteLocation""static.""$ReverseZoneFile" \ + --output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \ + rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile" + ./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews" + for IView in $InternalViews; do + InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "/tmp/""$IView"".conf" + done + done done -done - -ExternFile="$ZoneFilesFolder""dbextern.""$CommunityDomain" -./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView" + ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityDomain" + ./update-extzone.sh "$MasterFile" "$ExternFile" "$CommunityDomain" "$ExternalView" + + for IView in $InternalViews; do + InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$CommunityDomain" + [ -f "$InternViewMasterZone" ] || ln -s "$MasterFile" "$InternViewMasterZone" + InsertZoneToIncludeFile "$CommunityDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" + done + InsertZoneToIncludeFile "$CommunityDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" + if [ -n 
"$CommunityExternDomain" ]; then + for IView in $InternalViews; do + InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$CommunityExternDomain" + [ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone" + InsertZoneToIncludeFile "$CommunityExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" + done + ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$CommunityExternDomain" + [ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone" + InsertZoneToIncludeFile "$CommunityExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" + fi +fi # set shorter TTL for Hoods TTLReReExMi="420 360 180 1800 360" @@ -87,7 +105,7 @@ Hoods="$(GetOwnHoods "$CommunityDomain" "$MasterFile")" for Hood in $Hoods; do HoodDomain="${Hood%%\#*}"".""$CommunityDomain" Subnets="$(echo "${Hood#*\#}" | sed -e 's/#/ /g')" - HoodZoneFile="$ZoneFilesFolder""db.""$HoodDomain" + HoodZoneFile="$ZoneFilesFolder""db.""$FirstInternal"".""$HoodDomain" if [ ! -f "$HoodZoneFile" ]; then { echo "\$TTL ${TTLReReExMi%% *}" 
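Review bot: The include-file fragments are now built at the predictable paths `/tmp/$IView.conf` and `/tmp/$ExternalView.conf` (the `rm -f` loop and every `InsertZoneToIncludeFile` call in this hunk) and later moved into `$BindIncludeFileFolder` as named.conf includes, so a local user who plants a symlink in /tmp between the `rm -f` and the redirect that creates the file controls what BIND loads; the pre-existing `/tmp/$CommunityDomain-*.conf` names and `BindIcvpnAclTmp` had the same weakness. Creating a private scratch directory once near the top of the script, `TmpDir="$(mktemp -d)"` with `trap 'rm -rf -- "$TmpDir"' EXIT`, and using `"$TmpDir/$IView.conf"` in place of `/tmp/...` here and in the `UpdateBindConfig` loop of the last hunk closes this. Separately, `[ -f "$InternViewMasterZone" ] || ln -s ...` (and the three parallel checks here and in the hood loop of the last hunk) treats a dangling symlink as absent, so `ln -s` fails with "File exists" and aborts the script under `set -e`; `[ -e "$InternViewMasterZone" ] || [ -L "$InternViewMasterZone" ] || ln -s ...` handles that case.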
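Review bot: `HoodZoneFile` now embeds `$FirstInternal`, which the preceding hunk derives with `sed -ne 's/^\(\S\+\)\s.*$/\1/p'` over `$InternalViews`; that regex requires whitespace after the first word, so a single view name with no trailing space yields an empty `FirstInternal` and the hood zone file silently becomes `db..<HoodDomain>` (the same happens to `MasterFile`). `FirstInternal="${InternalViews%% *}"` returns the first word in both cases and drops the GNU-only `\S`/`\s` classes. If `$InternalViews` is always written with a trailing separator this is latent, but nothing in the hunk enforces it. The path rename also means existing `db.<HoodDomain>` files are no longer found and the `if [ ! -f "$HoodZoneFile" ]` branch regenerates each hood zone from scratch on upgrade; a one-time rename step or a fallback to the old name would avoid that.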
@@ -99,48 +117,65 @@ for Hood in $Hoods; do echo " ""$(echo "$TTLReReExMi" | awk '{print $5}')"" ) ; Negative Cache TTL" echo ";" echo "@ IN NS $DNSSCRIPT_SERVER_NAME"".""" - GetOwnGlueRecords "$CommunityDomain" "$MasterFile" + GetOwnGlueRecords "$CommunityDomain" "$HoodDomain" "$MasterFile" echo ";" } > "$HoodZoneFile" fi ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews" - InsertZoneToIncludeFile "$HoodDomain" "$HoodZoneFile" "$BindInternalConfTmp" - InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindInternalConfTmp" - InsertZoneToIncludeFile "$HoodDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp" - InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp" - HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile" for Subnet in $Subnets; do ReverseDomains="$(GetReverseDomains "$Subnet")" for RDomain in $ReverseDomains; do ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")" ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews" - InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$BindInternalConfTmp" + for IView in $InternalViews; do + InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "/tmp/""$IView"".conf" + done done done - - ExternFile="$ZoneFilesFolder""dbextern.""$HoodDomain" + ExternFile="$ZoneFilesFolder""db.""$ExternalView"".""$HoodDomain" ./update-extzone.sh "$HoodZoneFile" "$ExternFile" "$HoodDomain" "$ExternalView" + + for IView in $InternalViews; do + InternViewMasterZone="$ZoneFilesFolder""db.""$IView"".""$HoodDomain" + [ -f "$InternViewMasterZone" ] || ln -s "$HoodZoneFile" "$InternViewMasterZone" + InsertZoneToIncludeFile "$HoodDomain" "$InternViewMasterZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" + done + 
InsertZoneToIncludeFile "$HoodDomain" "$ExternFile" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" + + if [ -n "$CommunityExternDomain" ]; then + HoodExternDomain="${Hood%%\#*}"".""$CommunityExternDomain" + for IView in $InternalViews; do + InternViewExternZone="$ZoneFilesFolder""db.""$IView"".""$HoodExternDomain" + [ -f "$InternViewExternZone" ] || ln -s "$ExternFile" "$InternViewExternZone" + InsertZoneToIncludeFile "$HoodExternDomain" "$InternViewExternZone" "/tmp/""$IView"".conf" "$DNSSECPolicy" + done + ExternViewExternZone="$ZoneFilesFolder""db.""$ExternalView"".""$HoodExternDomain" + [ -f "$ExternViewExternZone" ] || ln -s "$ExternFile" "$ExternViewExternZone" + InsertZoneToIncludeFile "$HoodExternDomain" "$ExternViewExternZone" "/tmp/""$ExternalView"".conf" "$DNSSECPolicy" + fi done ./update-public-acl.sh "$BindIcvpnAclTmp" "$RemoteLocation" "$RoutingTables" -ReConfigBind=1 +ReConfigBind=0 UpdateBindConfig() { if [ -f "$1" ] && ! cmp -s "$1" "$2"; then mv "$1" "$2" - ReConfigBind=0 + ReConfigBind=1 else rm -f "$1" fi } UpdateBindConfig "$BindIcvpnAclTmp" "$BindIcvpnAcl" -UpdateBindConfig "$BindInternalConfTmp" "$BindInternalConf" -UpdateBindConfig "$BindExternalConfTmp" "$BindExternalConf" +for IView in $InternalViews; do + UpdateBindConfig "/tmp/""$IView"".conf" "$BindIncludeFileFolder""$IView"".conf" +done +UpdateBindConfig "/tmp/""$ExternalView"".conf" "$BindIncludeFileFolder""$ExternalView"".conf" -if [ $ReConfigBind -eq 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then +if [ $ReConfigBind -ne 0 ] || [ -f "/tmp/dnsscript-forcereconf" ]; then if [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 0 ]; then systemctl restart bind9 elif [ $((DNSSCRIPT_BIND_RELOAD_VER)) -eq 1 ]; then diff --git a/update-extzone.sh b/update-extzone.sh old mode 100644 new mode 100755 diff --git a/update-public-acl.sh b/update-public-acl.sh old mode 100644 new mode 100755
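Review bot: The `UpdateBindConfig` loop now installs `$BindIncludeFileFolder$IView.conf` and `$ExternalView.conf`, but nothing removes the previous `$CommunityDomain-internal.conf`/`-external.conf` includes or documents that named.conf must switch to the new names; an installation that still includes the old files alongside the new ones presents duplicate zone statements to BIND, which is a load failure rather than a silent merge. A short migration note in the README or changelog, or an explicit `rm -f` of the two legacy include files next to this loop, would close that gap. The reconfigure trigger `[ -f "/tmp/dnsscript-forcereconf" ]` is unchanged context, but since it sits in a world-writable directory any local user can make every run `systemctl restart bind9`; moving it under a root-owned path would be a cheap hardening.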