diff --git a/manifests/bind.pp b/manifests/bind.pp
index 378ac3a7c..da3f75ad1 100644
--- a/manifests/bind.pp
+++ b/manifests/bind.pp
@@ -24,9 +24,14 @@ class openstack_integration::bind {
 allow_recursion => [],
 listen_on_v6 => false,
 additional_options => {
- 'listen-on' => "port 5322 { ${listen_on}; }",
- 'listen-on-v6' => "port 5322 { ${listen_on_v6}; }",
- 'auth-nxdomain' => 'no',
+ 'listen-on' => "port 5322 { ${listen_on}; }",
+ 'listen-on-v6' => "port 5322 { ${listen_on_v6}; }",
+ 'auth-nxdomain' => 'no',
+ 'allow-new-zones' => 'yes',
+ # Recommended by Designate docs as a mitigation for potential cache
+ # poisoning attacks:
+ # https://docs.openstack.org/designate/latest/admin/production-guidelines.html#bind9-mitigation
+ 'minimal-responses' => 'yes',
 },
 controls => {
 $bind_host => {
diff --git a/manifests/designate.pp b/manifests/designate.pp
index fb4bb217a..0c89cd721 100644
--- a/manifests/designate.pp
+++ b/manifests/designate.pp
@@ -112,6 +112,8 @@ class openstack_integration::designate {
 mdns_hosts => [$::openstack_integration::config::host],
 rndc_config_file => '/etc/rndc.conf',
 rndc_key_file => $::dns::params::rndckeypath,
- manage_pool => true
+ manage_pool => true,
+ # Configure bind using openstack_integration::bind
+ configure_bind => false,
 }
 }
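Review bot: The new `'allow-new-zones' => 'yes'` line is the one option in this hunk that widens what the name server will accept, yet it is the only added option without a comment; the comment that follows it belongs to `minimal-responses`. Since `allow-new-zones` lets zones be created and deleted at runtime through the rndc control channel, the only thing bounding that capability is the `controls` block that opens at the end of the hunk and continues outside it, so a reader should be told that explicitly. I would add above the line: `# Required for dynamic zone creation via rndc; scope is bounded by the 'controls' entry below (presumably Designate's rndc addzone/delzone — confirm).` The `additional_options` hash and the enclosing class both start before this hunk.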
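Review bot: `configure_bind => false` hands the bind setup to `openstack_integration::bind`, but nothing in this hunk includes, requires or orders that class relative to the pool configuration that still points at `rndc_config_file` and `rndc_key_file`, so the first catalog run may configure the pool before the control channel and key exist if the bind class is not already applied elsewhere. Either state the assumption in the comment, `# bind is configured by openstack_integration::bind; that class must be applied before this resource`, or, if the ordering is not guaranteed elsewhere, add a `require => Class['openstack_integration::bind'],` attribute next to it. The resource and the enclosing class both start before this hunk, so I cannot see whether such a dependency is already declared.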