diff --git a/src/generate_bind_conf.php b/src/generate_bind_conf.php
index df9de632..59ce248e 100755
--- a/src/generate_bind_conf.php
+++ b/src/generate_bind_conf.php
@@ -151,22 +151,46 @@ class m_bind_regenerate {
     exec($this->RNDC." reload ".escapeshellarg($domain));
   }
 
+  // return true if zone is locked
+  function is_locked($domain) {
+    preg_match_all("/(\;\s*LOCKED:YES)/i", $this->get_zone($domain), $output_array);
+    if (isset($output_array[1][0]) && !empty($output_array[1][0])) {
+      return true;
+    }
+    return false;
+  }  
+
   function save_zone($domain) {
-    //FIXME check lock
-    return file_put_contents($this->get_zone_file_uri($domain), $this->get_zone($domain));
+    if ( $this->is_locked($domain)) return false;
+ 
+    $file=$this->get_zone_file_uri($domain);
+    file_put_contents($file, $this->get_zone($domain));
+    chown($file, 'bind');
+    chmod($file, 640);
+    return true; // fixme add tests
+  }
+
+  function delete_zone($domain) {
+    $file=$this->get_zone_file_uri($domain);
+    if (file_exists($file)) {
+      unlink($file);
+    }
+    return;
   }
 
   function reload_named() {
     $new_named_conf="// DO NOT EDIT\n// This file is generated by Alternc.\n// Every changes you'll make will be overwrited.\n";
     $tpl=file_get_contents($this->NAMED_TEMPLATE);
     foreach ($this->get_domain_summary() as $domain => $ds ) {
-      if ( ! $ds['gesdns'] ) continue;
+      if ( ! $ds['gesdns'] || strtoupper($ds['dns_action']) == 'DELETE' ) continue;
       $new_named_conf.=strtr($tpl, array("@@DOMAINE@@"=>$domain, "@@ZONE_FILE@@"=>$this->get_zone_file_uri($domain)));
     }
     $old_named_conf = @file_get_contents($this->NAMED_CONF);
 
     if ($old_named_conf != $new_named_conf ) {
       file_put_contents($this->NAMED_CONF,$new_named_conf);
+      chown($this->NAMED_CONF, 'bind');
+      chmod($this->NAMED_CONF, 640);
       exec($this->RNDC." reconfig");
     }
   }
@@ -174,12 +198,17 @@ class m_bind_regenerate {
   function regenerate_conf($all=false) {
     foreach ($this->get_domain_summary() as $domain => $ds ) {
       if ( ! $ds['gesdns'] ) continue;
-      if ($all || $ds['dns_action'] == 'UPDATE' ) {
+      if ( strtoupper($ds['dns_action']) == 'DELETE' ) {
+        $this->delete_zone($domain);
+      }
+      if ($all || strtoupper($ds['dns_action']) == 'UPDATE' ) {
         $this->save_zone($domain);
         $this->reload_zone($domain);
+        // FIXME reload zone hooks
       }
     }
     $this->reload_named();
+    // FIXME reload named hooks
   }
 
 } // class