diff --git a/site-modules/profile/files/bind/db.empty b/site-modules/profile/files/bind/db.empty
new file mode 100644
index 00000000..37adc777
--- /dev/null
+++ b/site-modules/profile/files/bind/db.empty
@@ -0,0 +1,9 @@
+$TTL 86400
+@ IN SOA pergamon.internal.softwareheritage.org. sysop.softwareheritage.org. (
+ 1 ; Serial
+ 3600 ; Refresh
+ 120 ; Retry
+ 604800 ; Expire
+ 120) ; Negative Cache TTL
+;
+@ IN NS pergamon.internal.softwareheritage.org.
diff --git a/site-modules/profile/manifests/bind_server/common.pp b/site-modules/profile/manifests/bind_server/common.pp
index 6dd4e677..5b7c7209 100644
--- a/site-modules/profile/manifests/bind_server/common.pp
+++ b/site-modules/profile/manifests/bind_server/common.pp
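Review bot: The new `db.empty` has no header comment saying what it is for, and it hard-codes `pergamon.internal.softwareheritage.org.` as both the SOA MNAME and the only NS, although `profile::bind_server::common` uses it as the seed for every master zone. A leading comment such as `; Seed for newly created master zones (managed by Puppet); real records are added afterwards` would make the intent clear. The "added afterwards" part is inferred from the `resource_record` call in the manifest, so the wording should be confirmed. If a master zone with a different primary is ever expected, the fixed MNAME and NS in this seed would be wrong for it until corrected.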
@@ -1,70 +1,73 @@ # Common resources between primary and secondary bind servers class profile::bind_server::common { include ::profile::resolv_conf $forwarders = lookup('dns::forwarders') $zones = lookup('bind::zones') $default_zone_data = lookup('bind::zones::default_data') $clients = lookup('bind::clients') $update_key = lookup('bind::update_key') bind::key { $update_key: secret_bits => 512, } class { '::bind': forwarders => $forwarders, dnssec => true, } Service['bind'] -> File['/etc/resolv.conf'] bind::view { 'private': recursion => true, zones => keys($zones), match_clients => $clients, } each($zones) |$zone, $data| { $merged_data = merge($default_zone_data, $data) if $merged_data['zone_type'] == 'master' { $allow_updates = union( any2array($merged_data['allow_updates']), ["key ${update_key}"], ) $masters = undef + $source = 'puppet:///modules/profile/bind/db.empty' + resource_record { "${zone}/NS": type => 'NS', record => $zone, data => $merged_data['ns_records'], keyfile => "/etc/bind/keys/${profile::bind_server::common::update_key}", } } else { + $source = undef $allow_updates = undef $masters = $merged_data['masters'] } bind::zone { $zone: zone_type => $merged_data['zone_type'], domain => $merged_data['domain'], dynamic => $merged_data['dynamic'], masters => $masters, transfer_source => $merged_data['transfer_source'], allow_updates => $allow_updates, update_policies => $merged_data['update_policies'], allow_transfers => $merged_data['allow_transfers'], dnssec => $merged_data['dnssec'], key_directory => $merged_data['key_directory'], ns_notify => $merged_data['ns_notify'], also_notify => $merged_data['also_notify'], allow_notify => $merged_data['allow_notify'], forwarders => $merged_data['forwarders'], forward => $merged_data['forward'], - source => $merged_data['source'], + source => $source, } } }
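Review bot: The `source` key from `bind::zones` / `bind::zones::default_data` is now ignored without any signal, because the `bind::zone` call passes the local `$source`, which is always the static `db.empty` for master zones and `undef` for every other type. A zone that still sets `source` in Hiera silently loses its seed file; either keep the override with `$source = pick($merged_data['source'], 'puppet:///modules/profile/bind/db.empty')` in the master branch, or call `fail()` when the key is present so stale data is noticed. How `bind::zone` treats `source` when a zone file already exists is not visible in this hunk. It is worth confirming that it only seeds a missing file, since `db.empty` carries serial 1 and no records beyond SOA and NS, and that should never replace a populated master zone.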