diff --git a/manifests/backend/bind9.pp b/manifests/backend/bind9.pp
index 63a474ff..0d83d1b2 100644
--- a/manifests/backend/bind9.pp
+++ b/manifests/backend/bind9.pp
@@ -79,26 +79,23 @@ class designate::backend::bind9 (
   include designate::params
   if $configure_bind {
-    if $rndc_controls {
-      class { 'dns':
-        controls => $rndc_controls,
-      }
-    } else {
-      include dns
-    }
-    concat::fragment { 'dns allow-new-zones':
-      target => $::dns::optionspath,
-      content => 'allow-new-zones yes;',
-      order => '20',
+    $dns_additional_options = {
+      'allow-new-zones' => 'yes',
+      # Recommended by Designate docs as a mitigation for potential cache
+      # poisoning attacks:
+      # https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
+      'minimal-responses' => 'yes',
     }
-    # Recommended by Designate docs as a mitigation for potential cache
-    # poisoning attacks:
-    # https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
-    concat::fragment { 'dns minimal-responses':
-      target => $::dns::optionspath,
-      content => 'minimal-responses yes;',
-      order => '21',
+    if $rndc_controls {
+      class { 'dns':
+        controls => $rndc_controls,
+        additional_options => $dns_additional_options,
+      }
+    } else {
+      class { 'dns':
+        additional_options => $dns_additional_options,
+      }
     }
     # /var/named is root:named on RedHat and /var/cache/bind is root:bind on
diff --git a/spec/classes/designate_backend_bind9_spec.rb b/spec/classes/designate_backend_bind9_spec.rb
index 040d5972..5287b28d 100644
--- a/spec/classes/designate_backend_bind9_spec.rb
+++ b/spec/classes/designate_backend_bind9_spec.rb
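Review bot: `allow-new-zones` and `minimal-responses` are now handed to `dns::additional_options` instead of being appended as fragments to `$::dns::optionspath`, but nothing in this hunk shows that the dns module renders `additional_options` inside the `options { }` stanza of named.conf, which is the only place both directives are valid. If the module emits them at top level or into another file, named will either refuse to load the configuration or, worse, the cache-poisoning mitigation that the retained comment promises will silently stop being applied, so please confirm the rendering location in the dns module (and ideally assert on the rendered text in the spec) before merging. A smaller point of style: both branches now declare `class { 'dns': }` with the same `additional_options`; if `$rndc_controls` is `undef` when unset, the branch could collapse to a single `class { 'dns': controls => $rndc_controls, additional_options => $dns_additional_options, }`, but keep the branch if the parameter can legitimately be an empty collection that must not reach `controls`. The enclosing `if $configure_bind` block continues past the end of the hunk.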
@@ -11,9 +11,11 @@ describe 'designate::backend::bind9' do
       {}
     end
     it 'configures named and pool' do
-      is_expected.to contain_concat_fragment('dns allow-new-zones').with(
-        :target => platform_params[:dns_optionspath],
-        :content => 'allow-new-zones yes;'
+      is_expected.to contain_class('dns').with(
+        :additional_options => {
+          'allow-new-zones' => 'yes',
+          'minimal-responses' => 'yes'
+        },
       )
       is_expected.to contain_file('/etc/designate/pools.yaml').with(
         :ensure => 'present',
@@ -36,7 +38,7 @@ describe 'designate::backend::bind9' do
       { :configure_bind => false }
     end
     it 'does not configure named' do
-      is_expected.not_to contain_concat_fragment('dns allow-new-zones')
+      is_expected.to_not contain_class('dns')
     end
   end
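Review bot: The rewritten expectation in `it 'configures named and pool'` pins only the hash passed to `class dns` and drops the previous check on the rendered `allow-new-zones yes;` text, so a regression in how the dns module turns `additional_options` into named.conf would no longer be caught here; since `minimal-responses` is the cache-poisoning mitigation, that rendered text is exactly what this spec should keep guarding. If the fixture compiles the dns module's resources, keep one content-level assertion next to the parameter check, in the form `is_expected.to contain_concat_fragment(...).with_content(/minimal-responses yes;/)` against whatever fragment the dns module uses for `additional_options`, and if no such resource is compiled in this spec, say so in a comment so the gap is deliberate. Unless it exists elsewhere in the file (not visible in this hunk), also add a case with `:rndc_controls` set that asserts both `:controls` and `:additional_options` reach `class dns`, since that branch is a separate declaration in the manifest.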
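Review bot: `is_expected.to_not contain_class('dns')` flips the `not_to` form the removed line used; RuboCop's default `RSpec/NotToNot` cop prefers `not_to`, and the rest of this spec, as far as the removed line shows, followed that. Keep `is_expected.not_to contain_class('dns')` for consistency unless the project's RuboCop configuration explicitly selects `to_not`.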