diff --git a/docs/tutorials/rfc2136.md b/docs/tutorials/rfc2136.md index 5b0bf7304..1ff0f6160 100644 --- a/docs/tutorials/rfc2136.md +++ b/docs/tutorials/rfc2136.md @@ -12,6 +12,39 @@ key "externaldns-key" { ``` - `Warning!` Bind server configuration should enable for this key AFXR zone transfer protocol. It is used for listing DNS records. +```text +# cat /etc/named.conf +... +include "/etc/rndc.key"; + +controls { + inet 123.123.123.123 port 953 allow { 10.x.y.151; } keys { "externaldns-key"; }; +}; +options { + include "/etc/named/options.conf"; +}; + +include "/etc/named/zones.conf"; +... + +# cat /etc/named/options.conf +... +dnssec-enable yes; +dnssec-validation yes; +... + +# cat /etc/named/zones.conf +... +zone "example.com" { + type master; + file "/var/named/dynamic/db.example.com"; + update-policy { + grant externaldns-key zonesub ANY; + }; +}; +... +``` + ## RFC2136 provider configuration: - Example fragment of real configuration of ExternalDNS service pod. @@ -31,4 +64,4 @@ key "externaldns-key" { - `rfc2136-tsig-keyname` - this is string parameter with secret key name it is should `MATCH!` with server key name. In example it is `externaldns-key`. - \ No newline at end of file +
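Review bot: In the added named.conf sample, the `controls` block authorizes `externaldns-key` on the rndc control channel, and the zone's `update-policy` grants dynamic updates to that same key, so the secret mounted into the ExternalDNS pod would also be able to administer the server. Use a separate rndc key in `controls` (for example one defined in the included `/etc/rndc.key`) and keep `externaldns-key` for DNS updates only. The `zone "example.com"` block also never enables the zone transfer that the warning just above the sample says is required (and "AFXR" there should read AXFR); adding `allow-transfer { key "externaldns-key"; };` to the zone would make the example match the text. Two smaller points: `grant externaldns-key zonesub ANY;` could be narrowed from `ANY` to the record types ExternalDNS actually manages, and the addresses in `controls` mix a routable-looking `123.123.123.123` with the masked `10.x.y.151`, where consistent documentation-range placeholders would be clearer.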