diff --git a/docs/examples/bind9/named.conf b/docs/examples/bind9/named.conf
index d7bae71..8b17033 100644
--- a/docs/examples/bind9/named.conf
+++ b/docs/examples/bind9/named.conf
@@ -23,6 +23,8 @@ zone nsupdate.info {
             deny  nsupdate.info.      name  www.nsupdate.info;
             deny  nsupdate.info.      name ipv4.nsupdate.info;
             deny  nsupdate.info.      name ipv6.nsupdate.info;
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant nsupdate.info. name connectivity-test.nsupdate.info A;
             // but we allow updates to any other host:
             grant nsupdate.info. subdomain nsupdate.info;
         };
diff --git a/nsupdate/main/dnstools.py b/nsupdate/main/dnstools.py
index f2f9069..69a3496 100644
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
@@ -24,6 +24,8 @@ import logging
 logger = logging.getLogger(__name__)
 
 import socket
+import random
+import struct
 
 import dns.inet
 import dns.name
@@ -104,18 +106,16 @@ def check_domain(domain):
 
     from .models import Domain
     d = Domain.objects.get(name=domain)
-    # temporarily set domain to available
+    # temporarily set domain to available to allow add/update/deletes
     domain_available_state = d.available
     d.available = True
     d.save()
 
     try:
-        # add to primary
-        add(fqdn, "8.8.8.8")
-        # delete on primary
-        delete(fqdn)
+        # add host connectivity-test.<domain> with a random IP. See add()
+        add(fqdn, socket.inet_ntoa(struct.pack('>I', random.randint(1, 0xffffffff))))
 
-    except (dns.exception.DNSException, ) as e:
+    except (dns.exception.DNSException, DnsUpdateError) as e:
         raise NameServerNotAvailable(str(e))
 
     finally:
diff --git a/nsupdate/main/templates/main/generate_ns_secret.html b/nsupdate/main/templates/main/generate_ns_secret.html
index 3537cae..57e777d 100644
--- a/nsupdate/main/templates/main/generate_ns_secret.html
+++ b/nsupdate/main/templates/main/generate_ns_secret.html
@@ -42,6 +42,8 @@ zone {{ object.name }} {
             deny  {{ object.name }}.      name  www.{{ object.name }};
             deny  {{ object.name }}.      name ipv4.{{ object.name }};
             deny  {{ object.name }}.      name ipv6.{{ object.name }};
+            // this host is for testing if the nameserver is configured correctly and reachable
+            grant {{ object.name }}. name connectivity-test.{{ object.name }} A;
             // but we allow updates to any other host:
             grant {{ object.name }}. subdomain {{ object.name }};
         };