diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 6943a26..be590ac 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -36,6 +36,9 @@ global_credentials_directory: "credentials"
 global_public_key_directory: "public_keys"
 
 global_dns_list_directory: "{{ global_public_key_directory }}/dns"
+global_dns_session_key_name: "local-ddns"
+global_dns_session_key_path: "/var/run/named/session.key"
+global_dns_session_key_algorithm: "{{ global_dns_update_key_algorithm }}"
 global_dns_update_key_algorithm: "ED25519"
 
 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
diff --git a/roles/dns/application/templates/named.conf.options b/roles/dns/application/templates/named.conf.options
index b6e0c49..de65576 100644
--- a/roles/dns/application/templates/named.conf.options
+++ b/roles/dns/application/templates/named.conf.options
@@ -3,6 +3,10 @@ options {
     directory "/var/cache/bind";
     // configure dnssec
     dnssec-validation yes;
+    // session update key
+    session-keyfile "{{ global_dns_session_key_path }}";
+    session-keyname "{{ global_dns_session_key_name }}";
+    session-keyalg "{{ global_dns_session_key_algorithm }}";
     // etc
     auth-nxdomain no;
     listen-on-v6 { any; };