diff --git a/roles/bind-role/tasks/main.yml b/roles/bind-role/tasks/main.yml
index 02e93c3..ece4884 100644
--- a/roles/bind-role/tasks/main.yml
+++ b/roles/bind-role/tasks/main.yml
@@ -57,6 +57,28 @@
 register: reverse_hashes_ipv6
 with_items: "{{ bind_zone_ipv6_networks }}"
 
+- name: Generate rndc.key
+ shell: rndc-confgen -a -b 128 -c /etc/rndc.key -k rndc-key
+ register: key_generated
+ when: key_generated is not defined
+
+- name: "grab rndc.key"
+ fetch:
+ dest: "./.tmp/rndc.key"
+ src: "/etc/rndc.key"
+ flat: true
+ when: key_generated is defined
+
+- name: "put master rndc.key to slave"
+ copy:
+ src: "./.tmp/rndc.key"
+ dest: "/etc/rndc.key"
+ owner: root
+ group: named
+ mode: 0640
+ force: yes
+ when: key_generated is defined
+
 - include_tasks: master.yml
 when: bind_zone_master_server_ip in ansible_all_ipv4_addresses
 
diff --git a/roles/bind-role/tasks/master.yml b/roles/bind-role/tasks/master.yml
index 48f1d89..09e144c 100644
--- a/roles/bind-role/tasks/master.yml
+++ b/roles/bind-role/tasks/master.yml
@@ -1,9 +1,6 @@
 # roles/bind/tasks/master.yml
 # Set up a BIND master server
 ---
-- name: Master | Generate rndc.key
- shell: rndc-confgen -a -b 128 -c /etc/rndc.key -k rndc-key
-
 - name: Master | Main BIND config file (master)
 template:
 src: master_etc_named.conf.j2
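Review bot: The `when: key_generated is not defined` / `is defined` guards on the three new rndc.key tasks in main.yml do not limit anything to the master, because `register` sets `key_generated` on every host (even when the task is skipped). Unless that variable is set elsewhere, each host runs `rndc-confgen` on every play, each host's key is fetched with `flat: true` into the same `./.tmp/rndc.key`, and whichever copy was written last is pushed to all hosts. Consider gating the generate and fetch tasks with the condition already used for the include below, `when: bind_zone_master_server_ip in ansible_all_ipv4_addresses`, and making generation idempotent with `args: {creates: /etc/rndc.key}`. The fetched control key also stays in cleartext in a relative directory on the controller; a restricted temporary path that is removed after the copy and excluded from version control would limit that exposure. As a style point, quote the mode as `mode: "0640"` and write `force: true`.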