diff --git a/roles/master/tasks/config.yml b/roles/master/tasks/config.yml
index f752c35..75ac55a 100644
--- a/roles/master/tasks/config.yml
+++ b/roles/master/tasks/config.yml
@@ -17,6 +17,26 @@
     group: knot
     mode: 0750
 
+- name: create knot zone directory
+  file:
+    path: /var/lib/knot/master
+    state: directory
+    owner: knot
+    group: knot
+    mode: 0750
+
+- name: render knot zone files
+  template:
+    src: var/lib/knot/master/zone.j2
+    dest: "/var/lib/knot/master/{{ zone.name }}"
+    owner: knot
+    group: knot
+    mode: 0640
+  vars:
+    zone: "hostvars[inventory_hostname]['knot_zone_' + item]"
+  loop: "{{ knot_zone_groups | subelements(zones) }}"
+  notify: reload knot
+
 - name: render knot server config
   template:
     src: etc/knot/knot.d/00-server.conf.j2
diff --git a/roles/master/templates/var/lib/knot/master/zone.j2 b/roles/master/templates/var/lib/knot/master/zone.j2
new file mode 100644
index 0000000..27572f6
--- /dev/null
+++ b/roles/master/templates/var/lib/knot/master/zone.j2
@@ -0,0 +1,16 @@
+
+$TTL	{{ zone.soa.ttl }}
+
+@	{{ zone.soa.class }}	SOA	{{ primary }}	{{ zone.soa.rname }} (
+	{{ ansible_date_time.epoch }}	; serial
+	{{ zone.soa.refresh }}	; refresh
+	{{ zone.soa.retry }}	; retry
+	{{ zone.soa.expire }}	; expire
+	{{ zone.soa.min_ttl }}	; min ttl
+)
+
+{% for r in zone.records %}
+
+{{ r.name }}	{{ r.ttl|default('') }}	{{ r.class|default('') }}	{{ r.type }}	{{ r.content }}
+{% endfor %}
+