diff --git a/CHANGES b/CHANGES
index 0267a1d55f..9b89709b94 100644
--- a/CHANGES
+++ b/CHANGES
@@ -25,7 +25,8 @@
 1756.	[func]		named-checkconf now checks the logging configuration.
 			[RT #12352]
 
-1755.	[placeholder]	rt6636
+1755.	[func]		allow-update is now settable at the options / view
+			level. [RT #6636]
 
 1754.	[bug]		We wern't always attempting to query the parent
 			server for the DS records at the zone cut.
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 55e4d08c03..55efcdff85 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -15,7 +15,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.conf.docbook,v 1.4 2004/10/21 00:58:33 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.5 2004/11/11 01:08:23 marka Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -252,6 +252,7 @@ options {
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
 
 	notify <replaceable>notifytype</replaceable>;
@@ -380,6 +381,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
 
 	notify <replaceable>notifytype</replaceable>;
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 2bf3b26d00..8ecb232287 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.258 2004/10/21 00:54:04 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.259 2004/11/11 01:08:24 marka Exp $ -->
 
 <book>
 <title>BIND 9 Administrator Reference Manual</title>
@@ -989,7 +989,7 @@ protocol is specified in RFC 1996.
     messages.  The format and meaning of these messages is specified
     in RFC 2136.</para>
 
-    <para>Dynamic update is enabled on a zone-by-zone basis, by
+    <para>Dynamic update is enabled by
     including an <command>allow-update</command> or
     <command>update-policy</command> clause in the
     <command>zone</command> statement.</para>
@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para>
     <optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
+    <optional> allow-update { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
     <optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
@@ -3483,6 +3484,15 @@ host from retrieving data that is already in the server's cache.
 </para>
 </listitem></varlistentry>
 
+<varlistentry><term><command>allow-update</command></term>
+<listitem><para>Specifies which hosts are allowed to
+submit Dynamic DNS updates for master zones. The default is to deny
+updates from all hosts.  Note that allowing updates based
+on the requestor's IP address is insecure; see
+<xref linkend="dynamic_update_security"/> for details.
+</para>
+</listitem></varlistentry>
+
 <varlistentry><term><command>allow-update-forwarding</command></term>
 <listitem><para>Specifies which hosts are allowed to
 submit Dynamic DNS updates to slave zones to be forwarded to the
@@ -4761,12 +4771,8 @@ in <xref linkend="access_control"/>.</para>
 </listitem></varlistentry>
 
 <varlistentry><term><command>allow-update</command></term>
-<listitem><para>Specifies which hosts are allowed to
-submit Dynamic DNS updates for master zones. The default is to deny
-updates from all hosts.  Note that allowing updates based
-on the requestor's IP address is insecure; see
-<xref linkend="dynamic_update_security"/> for details.
-</para>
+<listitem><para>See the description of <command>allow-update</command>
+in <xref linkend="access_control"/>.</para>
 </listitem></varlistentry>
 
 <varlistentry><term><command>update-policy</command></term>
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index ee919100b1..a93179a2d9 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: namedconf.c,v 1.40 2004/10/21 00:54:05 marka Exp $ */
+/* $Id: namedconf.c,v 1.41 2004/11/11 01:08:24 marka Exp $ */
 
 #include <config.h>
 
@@ -755,6 +755,7 @@ static cfg_clausedef_t
 zone_clauses[] = {
 	{ "allow-query", &cfg_type_bracketed_aml, 0 },
 	{ "allow-transfer", &cfg_type_bracketed_aml, 0 },
+	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "allow-update-forwarding", &cfg_type_bracketed_aml, 0 },
 	{ "allow-notify", &cfg_type_bracketed_aml, 0 },
 	{ "notify", &cfg_type_notifytype, 0 },
@@ -794,7 +795,6 @@ zone_clauses[] = {
 static cfg_clausedef_t
 zone_only_clauses[] = {
 	{ "type", &cfg_type_zonetype, 0 },
-	{ "allow-update", &cfg_type_bracketed_aml, 0 },
 	{ "file", &cfg_type_qstring, 0 },
 	{ "journal", &cfg_type_qstring, 0 },
 	{ "ixfr-base", &cfg_type_qstring, CFG_CLAUSEFLAG_OBSOLETE },