diff --git a/dns-functions.sh b/dns-functions.sh
old mode 100755
new mode 100644
index 3f03de7..fda1365
--- a/dns-functions.sh
+++ b/dns-functions.sh
@@ -115,9 +115,8 @@ GetOwnGlueRecords() {
 NormalizeZoneFileFormatting
 }
 GetOwnHoods() {
- Entries="$(sed -ne "s/^\s*\(\S*\)[^;]*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
- Entries="$(echo "$Entries" | sed -r 's/\s+/#/g')"
-
+ Entries="$(sed -ne "s/^\s*\(\S*\).*\s\+[Ii][Nn]\s\+[Nn][Ss]\s\+""$(GetServernameSEDEntry "$1")""\s*;\s*Subnets:\s*\([^;]*\)/\1 \3/p" "$2")"
+ Entries="$(echo "$Entries" | sed -e '/^[eE][xX][tT][eE][rR][nN]\s/d' | sed -r 's/\s+/#/g')"
 echo "$Entries"
 }
 IsValidIPv4Subnet() {
diff --git a/update-dns.sh b/update-dns.sh
old mode 100755
new mode 100644
index f46d91a..78d936d
--- a/update-dns.sh
+++ b/update-dns.sh
@@ -15,6 +15,8 @@ export DNSSCRIPT_SERVER_NAME=dns.herpf.fff.community
 UpdateScriptsFolder="/usr/lib/ffdns/"
 ZoneFilesFolder="/etc/bind/fff/"
 BindIncludeFileFolder="/etc/bind/"
+# specify the bird/babel or other routing table[s]
+# if RoutingTables is empty, the ICVPN-ACL-List will be fetched remotely (for servers that are no gateways)
 RoutingTables="10"
 # -1 -> disable bind [restart|reload]
@@ -58,7 +60,9 @@ fi
 rm -f "$BindInternalConfTmp"
 rm -f "$BindExternalConfTmp"
 InsertZoneToIncludeFile "$CommunityDomain" "$MasterFile" "$BindInternalConfTmp"
+InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindInternalConfTmp"
 InsertZoneToIncludeFile "$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
+InsertZoneToIncludeFile "extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$CommunityDomain" "$BindExternalConfTmp"
 for Subnet in $CommunitySubnets; do
 ReverseDomains="$(GetReverseDomains "$Subnet")"
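Review bot: The new `/^[eE][xX][tT][eE][rR][nN]\s/d` filter in GetOwnHoods drops the `extern` entry without saying why; the update-extzone.sh hunk in this same commit looks for an `extern … IN NS` record, so it appears to be a pseudo-hood consumed there rather than a real hood, and a comment such as `# "extern" is the pseudo-record used by update-extzone.sh, not a hood` on that line would make the coupling visible. The two sed processes on that line can be a single invocation, `sed -r -e '/^[eE][xX][tT][eE][rR][nN]\s/d' -e 's/\s+/#/g'`, since the delete script is valid under -r as well. The `\1 \3` replacement appears to presume that `GetServernameSEDEntry` emits exactly one capture group of its own (otherwise `\3` is an invalid back-reference); that assumption predates the commit, but now that the pattern is being reworked it deserves a one-line comment.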
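Review bot: The two added lines register `extern.$CommunityDomain` with the same `dbextern.` file that the neighbouring line already registers as `$CommunityDomain` in the external include, and the first one adds it to the internal include as well; nothing in the hunk says why the public file should be reachable under a second origin, or inside the internal view. A comment before the first call, e.g. `# extern.<domain> exposes the public zone under its own name in both views`, would record the intent — adjust the wording if that reading is wrong. Note that the `@`-rewritten apex records produced by update-extzone.sh will then answer identically under both origins, which may or may not be wanted. This is top-level script code with no enclosing function.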
@@ -68,7 +72,7 @@ for Subnet in $CommunitySubnets; do
 --output "$ZoneFilesFolder""static.""$ReverseZoneFile" && \
 rm -f "$ZoneFilesFolder""static.""$ReverseZoneFile"
 ./update-rdnszone.sh "$RDomain" "$ForwardZones" "$ZoneFilesFolder""$ReverseZoneFile" "$TTLReReExMi" "$InternalViews"
- InsertZoneToIncludeFile "$RDomain" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
+ InsertZoneToIncludeFile "${RDomain%*.}" "$ZoneFilesFolder""$ReverseZoneFile" "$BindInternalConfTmp"
 done
 done
@@ -102,7 +106,9 @@ for Hood in $Hoods; do
 ./update-hoodzone.sh "$HoodZoneFile" "$HoodDomain" "$Subnets" "$InternalViews"
 InsertZoneToIncludeFile "$HoodDomain" "$HoodZoneFile" "$BindInternalConfTmp"
+ InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindInternalConfTmp"
 InsertZoneToIncludeFile "$HoodDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
+ InsertZoneToIncludeFile "${Hood%%\#*}"".extern.""$CommunityDomain" "$ZoneFilesFolder""dbextern.""$HoodDomain" "$BindExternalConfTmp"
 HoodForwardZones="$ForwardZones $HoodDomain""/""$HoodZoneFile"
 for Subnet in $Subnets; do
@@ -110,7 +116,7 @@ for Hood in $Hoods; do
 for RDomain in $ReverseDomains; do
 ReverseZoneFileFullPath="$ZoneFilesFolder""$(GetReverseZoneFileFromZone "${RDomain%*.}")"
 ./update-rdnszone.sh "$RDomain" "$HoodForwardZones" "$ReverseZoneFileFullPath" "$TTLReReExMi" "$InternalViews"
- InsertZoneToIncludeFile "$RDomain" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
+ InsertZoneToIncludeFile "${RDomain%*.}" "$ReverseZoneFileFullPath" "$BindInternalConfTmp"
 done
 done
diff --git a/update-extzone.sh b/update-extzone.sh
old mode 100755
new mode 100644
index 0925b8d..4e35b0c
--- a/update-extzone.sh
+++ b/update-extzone.sh
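Review bot: In the changed `InsertZoneToIncludeFile "${RDomain%*.}" …` line here, and in the identical change in the -110,7 hunk below, the `*` inside the pattern is redundant: `%` removes the shortest suffix matching `*.`, which is just the trailing dot, so `${RDomain%.}` does exactly the same and states the intent more plainly. The spelling does match the existing `GetReverseZoneFileFromZone "${RDomain%*.}"` call, so if it is kept for consistency a short comment on the first occurrence, `# zone names in the include file are written without the trailing dot`, would explain why the reverse zones are stripped while the hood and community zones are passed through unchanged. The enclosing `for` loops begin outside the hunk.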
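Review bot: The zone name on the two added lines is built from the raw hood entry, `"${Hood%%\#*}"".extern.""$CommunityDomain"`, while the file they point at is built from `$HoodDomain`, which is set outside the hunk; if `$HoodDomain` is ever not literally `<hood>.$CommunityDomain` the zone name and file name drift apart silently, so deriving both from one value is the safer shape. At minimum a comment stating the entry layout the `%%\#*` expansion depends on, `# Hood entries are "name#subnet#…" as emitted by GetOwnHoods; the name is the part before the first #`, would help the next reader. The backslash in `${Hood%%\#*}` is not needed inside the expansion; `${Hood%%#*}` is the conventional spelling.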
@@ -11,6 +11,13 @@ SerialIntern="$(GetZoneFileSerial "$InternalZoneFile")"
 SerialExtern="$(GetZoneFileSerial "$ExternalZoneFile")"
 if [ $((SerialIntern)) -gt $((SerialExtern)) ]; then
- sed '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d' "$InternalZoneFile" > "$ExternalZoneFile"
+ ZoneContent="$(sed -e '/^[^;]*\s\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)\S*\s*\(;.*\)\?$/d; \
+ s/^[^;^@]*\s\+\([^;]*\)\s[Ii][Nn]\s\+[Ss][Oo][Aa]\s/@ \1 IN SOA /g' "$InternalZoneFile")"
+
+ [ -n "$( echo "$ZoneContent" | sed -e '/^[eE][xX][tT][eE][rR][nN]\s[^;]*\s[Ii][Nn]\s\+[Nn][Ss]/!d')" ] \
+ && ZoneContent="$(echo "$ZoneContent" | sed -e '/^@\s[^;]*\s[Ii][Nn]\s\+[Nn][Ss]\s/d; \
+ s/^[eE][xX][tT][eE][rR][nN]\s\([^;]*\s[Ii][Nn]\s\+[Nn][Ss]\s.*\)/@ \1/g; \
+ s/^\(@ [^;]* IN SOA\)\s\+\S\+\s\+\S\+\s/\1 '"$DNSSCRIPT_SERVER_NAME"'. '"$DNSSCRIPT_CONTACT_EMAIL"' /g')"
+ echo "$ZoneContent" > "$ExternalZoneFile"
 ReloadZone "$ExternalZone" "$ExternalView"
 fi
diff --git a/update-public-acl.sh b/update-public-acl.sh
old mode 100755
new mode 100644
index 7a871ec..3628bed
--- a/update-public-acl.sh
+++ b/update-public-acl.sh
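Review bot: The record filter `\(10.\|[fF][cdCD][0-9a-fA-F]\{2\}:\)` that decides which records are withheld from the public zone still carries an unescaped dot on the rewritten first line, so `10.` matches any three characters starting with `10` (`100.`, `101.`, …) and drops records with public addresses in those ranges, while 172.16/12 and 192.168/16 are not withheld at all even though update-public-acl.sh's `Privatev4Prefix` treats them as private; `\(10\.\|…` fixes the first half, and sharing one prefix list between the two scripts would fix the second. In the added SOA rewrite, `[^;^@]*` excludes a literal `^` as its third character, so `[^;@]*` is what was meant. `$DNSSCRIPT_SERVER_NAME` and `$DNSSCRIPT_CONTACT_EMAIL` are spliced into the sed replacement unescaped, so a `/`, `&` or `\` in either value alters the command instead of the text; and if the contact variable holds a literal e-mail address with `@`, the resulting SOA RNAME is malformed (RNAME encodes the `@` as a `.`), which is worth checking where that variable is set.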
@@ -8,25 +8,76 @@ Tables="$3"
 rm -f "$IncludeFile"
-Installed4Routes=""
-Installed6Routes=""
-for Table in $Tables; do
- Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
- Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
-done
-PublicSubs="$(echo "$Installed6Routes" | \
- sed -e '/^default from/!d;s/.* from \(\S\+\).*/\t\1;/g')"
-PrivatePrefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\|[fF][cCdD][0-9a-fA-F]\{2\}:\)"
-PublicSingles="$(echo "$Installed4Routes" | \
- sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$PrivatePrefix"'\|^\t\(default\|0\.\)\|^$/d' \
- && echo "$Installed6Routes" | \
- sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$PrivatePrefix"'\|^\t\(default\|::\|64:ff9b::\)\|^$/d')"
+if [ -z "$Tables" ]; then
+ # this is only a rude fallback and not recommended
+ # create your own file on a gateway with the community routing tables and use this one
+ RemoteFile="$(curl -s -S -f "https://gw01.herpf.fff.community/ffdns/icvpn-acl.conf")"
+ if [ -n "$RemoteFile" ]; then
+ echo "$RemoteFile" > "$IncludeFile"
+ fi
+else
+ Installed4Routes=""
+ Installed6Routes=""
+ for Table in $Tables; do
+ Installed4Routes="$(echo "$Installed4Routes" && ip -4 ro sh ta "$Table")"
+ Installed6Routes="$(echo "$Installed6Routes" && ip -6 ro sh ta "$Table")"
+ done
+ PublicSubs="$(echo "$Installed6Routes" | \
+ sed -e '/^default from/!d;s/.* from \(\S\+\).*/\1/g')"
+ Privatev4Prefix="\(192\.168\.\|172\.\(1[6-9]\|2[0-9]\|3[01]\)\.\|10\.\)"
+ Privatev6Prefix="\([fF][cCdD][0-9a-fA-F]\{2\}:\)"
+ Publicv4Singles="$(echo "$Installed4Routes" | \
+ sed -e 's/^\(\S\+\)\s.*/\t\1;/g;/^\t'"$Privatev4Prefix"'\|^\t\(unreachable\|default\|0\.\)\|^$/d')"
+ Publicv6Singles="$(echo "$Installed6Routes" | \
+ sed -e 's/^\(\S\+\)\s.*/\1/g;/^'"$Privatev6Prefix"'\|^\(unreachable\|default\|::\|64:ff9b::\)\|^$/d')"
+
+ # the following code is not well optimized yet and may take a bit to process
+ # therefore it is not recommended to activate it on hardware-routers
+ # even in other environments it did not speed up bind9 measurable, its just for a smaller acl-file, e.g. for redistribution
-{
- echo "acl icvpnrange {"
- echo " icvpnlocal;"
- echo "$PublicSubs"
- echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
- echo "$PublicSingles"
- echo "};"
-} > "$IncludeFile"
\ No newline at end of file
+ #for Subnet in $PublicSubs; do
+ # SubnetIPFilled="$(FillIPv6Zeroes "$(echo "${Subnet%/*}" | awk '{print tolower($0)}')")"
+ # Mask="${Subnet##*/}"
+ # Statics=$((Mask / 4))
+ # BlockMask=$((Mask % 4))
+ # if [ $BlockMask -ne 0 ]; then
+ # BlockMask=$((4 - BlockMask))
+ # BlockMask=$((-1 << $BlockMask))
+ # SubnetBlock="$(printf %d 0x"$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
+ # SubnetBlock=$((SubnetBlock & BlockMask))
+ # fi
+ #
+ # SubnetStaticPart="$(echo "$SubnetIPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
+ #
+ # for Single in $Publicv6Singles; do
+ # IPFilled="$(FillIPv6Zeroes "$(echo "${Single%/*}" | awk '{print tolower($0)}')")"
+ # MaskIP="$( echo "$Single" | sed -e 's/^[^/]*\(\/\)\?//g')"
+ # MaskIP="${MaskIP:-128}"
+ # IsInSub="$([ $((Mask)) -le $((MaskIP)) ]; echo "$?")"
+ # if [ $IsInSub -eq 0 ]; then
+ # IPStaticPart="$(echo "$IPFilled" | awk 'BEGIN{FS=""}{for(i='"$Statics"';i>0;i--) printf $i;}')"
+ # IsInSub="$([ "$IPStaticPart" = "$SubnetStaticPart" ]; echo "$?")"
+ # fi
+ # if [ $IsInSub -eq 0 ] && [ $BlockMask -ne 0 ]; then
+ # IPBlock="$(printf %d 0x"$(echo "$IPFilled" | awk 'BEGIN{FS=""}{printf $'"$((Statics+1))"'}')")"
+ # IPBlock=$((IPBlock & BlockMask))
+ # IsInSub="$([ $IPBlock -eq $SubnetBlock ]; echo "$?")"
+ # fi
+ #
+ # ! [ $IsInSub -eq 0 ] \
+ # && NewSingles="$( [ -n "$NewSingles" ] && echo "$NewSingles"; echo "$Single")"
+ # done
+ # Publicv6Singles="$NewSingles"
+ # NewSingles=""
+ #done
+
+ {
+ echo "acl icvpnrange {"
+ echo " icvpnlocal;"
+ echo "$PublicSubs" | sed -e 's/\(.*\)/\t\1;/g'
+ echo "$(curl -s -S -f "$RemoteLocation""external.dnsserverips" | sed -e 's/^/\t/g;s/$/;/g')"
+ echo "$Publicv4Singles"
+ echo "$Publicv6Singles" | sed -e 's/\(.*\)/\t\1;/g'
+ echo "};"
+ } > "$IncludeFile"
+fi
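Review bot: The new fallback branch writes whatever `curl` returns from the hardcoded gw01 URL straight into `$IncludeFile`, which named reads as configuration, with no check beyond non-emptiness, and because `rm -f "$IncludeFile"` already ran above, a failed download now leaves no include file at all where the old code always produced one. Fetching into a scratch file, checking that it looks like the `acl icvpnrange { … };` block the else-branch generates, and only then moving it into place keeps the last good file on failure; the `rm -f` is then only needed in the else-branch, where the `{ … } > "$IncludeFile"` redirection truncates the file anyway. The script already has `$RemoteLocation` for `external.dnsserverips`; if that points at the same host, the acl URL should be derived from it rather than duplicated as a literal. Separately, the ~35 lines of commented-out subnet-collapsing code belong in history or behind a flag rather than in the script, and IPv4 singles are still tab/semicolon-formatted inside their sed while IPv6 singles are formatted at output time — formatting both in one place would make the two symmetric.
```shell
if [ -z "$Tables" ]; then
  # … unchanged: fallback comments …
  # fetch to a scratch file and replace the include only on success, so a failed
  # or unexpected download keeps the previous acl file in place
  RemoteTmp="$IncludeFile"".tmp"
  # shape check assumes the gateway publishes this script's own acl output — confirm
  if curl -s -S -f -o "$RemoteTmp" "https://gw01.herpf.fff.community/ffdns/icvpn-acl.conf" \
      && grep -q '^acl icvpnrange' "$RemoteTmp"; then
    mv -f "$RemoteTmp" "$IncludeFile"
  else
    rm -f "$RemoteTmp"
  fi
else
  rm -f "$IncludeFile"
  # … unchanged: route collection and acl assembly …
fi
```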