[bind][nsupdate] не могу обновить зону

options {
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        forwarders {
                    1.2.3.4;
                };


        };

zone "." {
        type hint;
        file "/etc/db.cache";
        };

zone "host.domain" {
        type master;
        file "/var/named/host.domain.hosts";
        allow-update { 127.0.0.1; };
        };
key rndc-key {
        algorithm qq-we;
        secret "12345";
        };
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
        };

> server 127.0.0.1
> zone host.domain.
> update add newhost.domain. 86400 A 4.3.2.1
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
newhost.domain.                   86400   IN      A       4.3.2.1

> send
update failed: REFUSED
> answer
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id:   1732
;; flags: qr ra ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0