How to configure BIND to allow RFC2136-style updates for 1 host for Dynamic DNS?

view full story

http://serverfault.com – I am using Debian on a VPS with static IP and my home network behind PPP with dynamic IP. My pfSense router/firewall shall update my host home.mydomain.tld via RFC2136 style updates. After lots of reading through different tutorials I still have no clue how to setup this up correctly. There are some hosts in my zone file and I want to allow updates with a secret key for only 1 host. Debian automatically creates the file /etc/bind/rndc.key. I'd like to use a 2nd key and keep this key for local updates which my change all zones. How to configure BIND to allow this? Overview over DynDNS confi (HowTos)