Domain Name System – Configure ddns and slave master zones with update-policy

I'm trying to configure ddns and master-slave zones and I wondered how to do this with the update-policy directive in the link configuration. I read bind docs and configure this:

zone "" {
master type;
allow-transfer {;};
update-policy {
grant dnsupdate. name txt;
attribution name * A;
notify yes;
file "/var/lib/bind/";

Is this the correct config? This zone is external, maybe I should use the public IP address for the DNS update?

I need the master to send serials and zone updates to And also certbot obtains certs with the dnsupdate key.