diff --git a/nsupdate/main/dnstools.py b/nsupdate/main/dnstools.py
index a6529f1..f12e4d3 100644
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
@@ -16,6 +16,7 @@ UPDATE_TIMEOUT = float(os.environ.get('DNS_UPDATE_TIMEOUT', '20.0'))
 UNAVAILABLE_RETRY = 120.0
+import binascii
 import time
 from datetime import timedelta
 from collections import namedtuple
@@ -334,9 +335,13 @@ def update_ns(fqdn, rdtype='A', ipaddr=None, action='upd', ttl=60):
 assert isinstance(fqdn, FQDN)
 assert action in ['add', 'del', 'upd', ]
 nameserver, nameserver2, origin, domain, name, keyname, key, algo = get_ns_info(fqdn)
- upd = dns.update.Update(origin,
- keyring=dns.tsigkeyring.from_text({keyname: key}),
- keyalgorithm=algo)
+ try:
+ keyring = dns.tsigkeyring.from_text({keyname: key})
+ except (UnicodeError, binascii.Error) as e:
+ msg = "Exception when building keyring for %s: [%s]" % (keyname, str(e))
+ logger.error(msg)
+ raise DnsUpdateError(msg)
+ upd = dns.update.Update(origin, keyring=keyring, keyalgorithm=algo)
 if action == 'add':
 assert ipaddr is not None
 upd.add(name, ttl, rdtype, ipaddr)
diff --git a/nsupdate/main/forms.py b/nsupdate/main/forms.py
index 7fa6e8c..7944198 100644
--- a/nsupdate/main/forms.py
+++ b/nsupdate/main/forms.py
@@ -63,6 +63,14 @@ class CreateDomainForm(forms.ModelForm):
 class EditDomainForm(forms.ModelForm):
+ def clean_nameserver_update_secret(self):
+ secret = self.cleaned_data['nameserver_update_secret']
+ try:
+ binascii.a2b_base64(secret.encode(encoding="ascii", errors="strict"))
+ except (binascii.Error, UnicodeEncodeError):
+ raise forms.ValidationError(_("Enter a valid secret in base64 format."), code='invalid')
+ return secret
+
 def clean(self):
 cleaned_data = super(EditDomainForm, self).clean()
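Review bot: The message built in the new `except` block of `update_ns` interpolates `str(e)` from a failure raised while the TSIG secret was being decoded, and that text goes both to `logger.error` and into `DnsUpdateError`. A `UnicodeError` message normally quotes the offending character or byte and its position, so a fragment of the key can end up in the log and, depending on how callers surface `DnsUpdateError` (not visible here), in a response. Naming only the exception class keeps the diagnostic without the key material: `msg = "Exception when building keyring for %s: [%s]" % (keyname, type(e).__name__)`. The body of `update_ns` starts and continues outside the hunk.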
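Review bot: `clean_nameserver_update_secret` accepts anything `binascii.a2b_base64` can decode, and in its default mode that call discards characters outside the base64 alphabet and returns `b''` for an empty string. An empty or partly garbled secret can therefore pass validation and be stored. Whether the field may be blank is decided outside this hunk; if it may, keep the decoded value and raise the same `ValidationError` when it is empty, e.g. guard with `if not binascii.a2b_base64(secret.encode("ascii")):`. This diff adds `import binascii` only to dnstools.py, so it is worth confirming that forms.py already imports it, otherwise the new method fails with a `NameError` on the first form submission.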