Domain Name System – Configure ddns and slave master zones with update-policy

I'm trying to configure DDNS and master-slave zones, and I wondered how to do this with the update-policy directive in the BIND configuration. I read the BIND docs and configured this:

zone "tech.com" {
    type master;
    allow-transfer { 192.168.155.2; };
    update-policy {
        grant dnsupdate. name _acme-challenge.tech.com txt;
        grant 192.168.155.2 name * A;
    };
    notify yes;
    file "/var/lib/bind/tech.com";
};

Is this the correct config? This zone is external, so maybe I should use the public IP address for the DNS update?

I need the 192.168.151.1 master to send serials and zone updates to 192.168.155.2. Certbot also obtains certs with the dnsupdate key.
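
Added example (not part of the original post): a minimal master/slave pair in which zone transfer is restricted by address and dynamic update is restricted by TSIG key. The slave receives changes through NOTIFY and zone transfer, so it gets no update-policy rule. The key secret placeholder, the also-notify line and the slave's file path are assumptions.

```conf
# --- master (192.168.151.1, per the post): named.conf ---

# TSIG key that certbot uses to sign its RFC 2136 updates.
# The secret below is a placeholder; generate a real key with:
#   tsig-keygen -a hmac-sha256 dnsupdate.
key "dnsupdate." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "tech.com" {
    type master;
    file "/var/lib/bind/tech.com";

    # Zone transfers (AXFR/IXFR) are controlled here, by client address.
    allow-transfer { 192.168.155.2; };

    # NOTIFY is sent to the servers named in the zone's NS records;
    # also-notify (assumption) covers a slave that is not listed there.
    notify yes;
    also-notify { 192.168.155.2; };

    # The identity field of an update-policy rule is matched against the
    # key that signed the update (TSIG or SIG(0)), not the client address.
    # This rule lets the dnsupdate. key change only the TXT records at the
    # ACME challenge name and nothing else in the zone.
    update-policy {
        grant dnsupdate. name _acme-challenge.tech.com TXT;
    };
};

# --- slave (192.168.155.2): named.conf ---

zone "tech.com" {
    type slave;
    masters { 192.168.151.1; };
    file "/var/cache/bind/tech.com";   # assumed path
};
```

After each accepted dynamic update the master increments the SOA serial itself and sends NOTIFY, which triggers the slave's transfer.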