diff --git a/src/Controller/DomainController.php b/src/Controller/DomainController.php
index f0a0f33..99f07aa 100644
--- a/src/Controller/DomainController.php
+++ b/src/Controller/DomainController.php
@@ -21,6 +21,8 @@ class DomainController
 	private string $localZonesDir;
 	private string $namedConfLocalFile;
 	private string $zoneCachePath;
+	private string $keyhelpNamedCond;
+	
 	
 	public function __construct(private NameserverRepository $nameserverRepository, private ApiController $checkController, private DomainRepository $domainRepository, private PanelRepository $panelRepository,  private array $config,  private Logger $log)
 	{
@@ -33,6 +35,7 @@ class DomainController
 		$this->localZonesDir = '/etc/bind/zones/';
 		$this->namedConfLocalFile = '/etc/bind/named.conf.local';
 		$this->zoneCachePath = '/var/cache/bind/';
+		$this-> keyhelpNamedCond = '/etc/bind/named.conf.keyhelp';
 	}
 	
 	
@@ -115,6 +118,9 @@ class DomainController
 		$members = $bindGroup['members'];
 		if (in_array(needle: $name, haystack: $members)) {
 			echo "\t✅ is in group 'bind" . PHP_EOL;
+		} else {
+			echo "\t❌$name needs to be in group $bindGroup!" . PHP_EOL;
+			
 		}
 		
 		echo 'Checking file: ' . $this->localZoneFile . PHP_EOL;
@@ -203,6 +209,13 @@ class DomainController
 			$this->log->debug(message: "createZoneFile($domainName)");
 		}
 		
+		// check if we're a master zone
+		$keyhelpConf = file_get_contents(filename: $this->keyhelpNamedCond);
+		if (str_contains($keyhelpConf, $domain->getName())) {
+			echo 'We a zone master for ' . $domain->getName() . PHP_EOL;
+			exit(1);
+		}
+		
 		if ($zonefile = fopen(filename: $this->localZonesDir . $domain->getName(), mode: 'w')) {
 			// TODO fixme soon
 			$content = json_decode(json: $domain->getContent());