diff --git a/bundles/bind/files/named.conf.local b/bundles/bind/files/named.conf.local
index 5a0ddc4..57c5def 100644
--- a/bundles/bind/files/named.conf.local
+++ b/bundles/bind/files/named.conf.local
@@ -1,6 +1,8 @@
 % for view_name, view_conf in views.items():
 acl "${view_name}" {
- ${' '.join(f'{e};' for e in view_conf['acl'])}
+ % for ac in sorted(view_conf['acl'], key=lambda e: (not e.startswith('!'), not e.startswith('key'))):
+ ${ac};
+ % endfor
 };
 % endfor
@@ -16,12 +18,6 @@ key "${name}" {
 % for view_name, view_conf in views.items():
 view "${view_name}" {
 match-clients {
- % for rejected_client in view_conf['rejected_clients']:
- ! ${rejected_client};
- % endfor
- % for key in view_conf['keys']:
- ${key};
- % endfor
 ${view_name};
 };
diff --git a/bundles/bind/metadata.py b/bundles/bind/metadata.py
index 9923532..c896a63 100644
--- a/bundles/bind/metadata.py
+++ b/bundles/bind/metadata.py
@@ -22,7 +22,6 @@ defaults = {
 '192.168.0.0/16',
 },
 'keys': {},
- 'rejected_keys': set(),
 },
 'external': {
 'default': True,
@@ -32,7 +31,6 @@ defaults = {
 'any',
 },
 'keys': {},
- 'rejected_keys': set(),
 },
 },
 'keys': {
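Review bot: The sort key on the new `% for ac in sorted(...)` line is what makes the generated acl correct under BIND's first-match evaluation of address_match_lists (a `! ...` entry only rejects if it is reached before a positive entry that would match), but nothing in the template says so and the two-level tuple key is hard to read at a glance. A Mako comment above the loop would carry the intent: `## address_match_lists are first-match: emit "! ..." rejections first, then "key ..." entries, then networks`. The grouping is also purely textual — an entry spelled `!key foo` or with leading whitespace lands in the wrong group — so it is worth stating that acl entries are expected in the exact `! key NAME` / `key NAME` form the metadata reactors emit. Entries are still interpolated verbatim via `${ac};`, so a value containing `;` or `}` would change the structure of named.conf; that is unchanged from the join it replaces, but the new per-line form makes it an easy place to add an assertion if untrusted metadata is ever possible.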
@@ -191,34 +189,43 @@ def generate_keys(metadata):
 },
 }
+
 @metadata_reactor.provides(
 'bind/views',
 )
-def collected_rejected_keys_from_other_views(metadata):
+def allow_keys_in_acl(metadata):
 return {
 'bind': {
 'views': {
 view: {
- 'rejected_clients': {
- # reject other views keys
- *{
- key
- for other_view, other_conf in metadata.get('bind/views').items()
- if other_view != view
- and not other_conf.get('default')
- for key in other_conf['keys']
- },
- # reject other views acls
- *{
- other_view
- for other_view, other_conf in metadata.get('bind/views').items()
- if other_view != view
- and not other_conf.get('default')
- },
-
+ 'acl': {
+ f'key {key}'
+ for key in conf['keys']
 }
 }
- for view in metadata.get('bind/views')
+ for view, conf in metadata.get('bind/views').items()
+ }
+ },
+ }
+
+
+@metadata_reactor.provides(
+ 'bind/views',
+)
+def reject_keys_from_other_views(metadata):
+ return {
+ 'bind': {
+ 'views': {
+ view: {
+ 'acl': {
+ f'! key {key}'
+ for other_view, other_conf in metadata.get('bind/views').items()
+ if other_view != view
+ for key in other_conf['keys']
+ }
+ }
+ for view, conf in metadata.get('bind/views').items()
+ if not conf.get('default')
 }
 },
 }
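Review bot: Both new reactors index `conf['keys']` and `other_conf['keys']` directly, so a view added in node metadata without a `keys` entry fails with KeyError during metadata generation rather than being treated as keyless; `for key in conf.get('keys', {})` in `allow_keys_in_acl` and `for key in other_conf.get('keys', {})` in `reject_keys_from_other_views` would make the reactors tolerate that. The rejection semantics also change silently: the old `rejected_clients` negated both the keys and the acl names of other non-default views from every view, whereas `reject_keys_from_other_views` negates only keys, and the `default` filter moved from the other view to the emitting view, so a non-default view now rejects a default view's keys instead of the reverse — if that is the intended model (the default view as catch-all), a docstring should say so. Neither function has a docstring and the dropped `# reject other views keys` comment was the only explanation of why keys are negated at all; a one-line docstring on `reject_keys_from_other_views` along the lines of "Negate other views' TSIG keys so a query signed with another view's key falls through to that view instead of matching here by source address (BIND acls are first-match)" would preserve that. The hunk opens with the closing braces of `generate_keys`, whose body lies outside it.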