diff --git a/api/mailinabox.yml b/api/mailinabox.yml
index a9a2c124..6358afb4 100644
--- a/api/mailinabox.yml
+++ b/api/mailinabox.yml
@@ -743,6 +743,31 @@ paths:
             text/html:
               schema:
                 type: string
+  /dns/zonefile/{zone}:
+      get:
+          tags:
+              - DNS
+          summary: Get DNS zonefile
+          description: Returns an array of all managed top-level domains.
+          operationId: getDnsZonefile
+          x-codeSamples:
+              - lang: curl
+                source: |
+                    curl -X GET "https://{host}/admin/dns/zonefile/<zone>" \
+                      -u "<email>:<password>"
+          responses:
+              200:
+                  description: Successful operation
+                  content:
+                      application/json:
+                          schema:
+                              $ref: '#/components/schemas/DNSZonefileResponse'
+              403:
+                  description: Forbidden
+                  content:
+                      text/html:
+                          schema:
+                              type: string
   /dns/update:
     post:
       tags:
@@ -2050,6 +2075,8 @@ components:
       items:
         $ref: '#/components/schemas/Hostname'
       description: DNS zones response.
+    DNSZonefileResponse:
+      type: string
     DNSSecondaryNameserverResponse:
       type: object
       required:
diff --git a/management/daemon.py b/management/daemon.py
index ffc6d5d5..3c19367b 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -1,3 +1,5 @@
+#!/usr/local/lib/mailinabox/env/bin/python3
+
 import os, os.path, re, json, time
 import multiprocessing.pool, subprocess
 
@@ -338,6 +340,12 @@ def dns_get_dump():
 	from dns_update import build_recommended_dns
 	return json_response(build_recommended_dns(env))
 
+@app.route('/dns/zonefile/<zone>')
+@authorized_personnel_only
+def dns_get_zonefile(zone):
+	from dns_update import get_dns_zonefile
+	return Response(get_dns_zonefile(zone, env), status=200, mimetype='text/plain')
+
 # SSL
 
 @app.route('/ssl/status')
diff --git a/management/dns_update.py b/management/dns_update.py
index 748f87f1..ccca69cd 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -564,6 +564,17 @@ $TTL 1800           ; default time to live
 
 	return True # file is updated
 
+def get_dns_zonefile(zone, env):
+	for domain, fn in get_dns_zones(env):
+		if zone == domain:
+			break
+	else:
+		raise ValueError("%s is not a domain name that corresponds to a zone." % zone)
+
+	nsd_zonefile = "/etc/nsd/zones/" + fn
+	with open(nsd_zonefile, "r") as f:
+		return f.read()
+
 ########################################################################
 
 def write_nsd_conf(zonefiles, additional_records, env):
diff --git a/management/templates/custom-dns.html b/management/templates/custom-dns.html
index 6984b081..b1b98b9b 100644
--- a/management/templates/custom-dns.html
+++ b/management/templates/custom-dns.html
@@ -89,7 +89,7 @@
   <div class="form-group">
     <div class="col-sm-offset-1 col-sm-11">
       <p class="small">
-        Multiple secondary servers can be separated with commas or spaces (i.e., <code>ns2.hostingcompany.com ns3.hostingcompany.com</code>). 
+        Multiple secondary servers can be separated with commas or spaces (i.e., <code>ns2.hostingcompany.com ns3.hostingcompany.com</code>).
         To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using <code>xfr:10.20.30.40</code> or <code>xfr:10.0.0.0/8</code>.
       </p>
       <p id="secondarydns-clear-instructions" style="display: none" class="small">
diff --git a/management/templates/external-dns.html b/management/templates/external-dns.html
index 6d8f677a..0634ec82 100644
--- a/management/templates/external-dns.html
+++ b/management/templates/external-dns.html
@@ -42,6 +42,19 @@
 	You may need to adopt this technique when adding DomainKeys. Use a tool like <code>named-checkzone</code> to validate your zone file.
 </p>
 
+<h3>Download zonefile</h3>
+<p>You can download your zonefiles here or use the table of records below.</p>
+<form class="form-inline" role="form" onsubmit="do_download_zonefile(); return false;">
+    <div class="form-group">
+        <div class="form-group">
+            <label for="downloadZonefile" class="control-label sr-only">Zone</label>
+            <select id="downloadZonefile" class="form-control" style="width: auto"> </select>
+        </div>
+        <button type="submit" class="btn btn-primary">Download</button>
+    </div>
+</form>
+
+<h3>Records</h3>
 
 <table id="external_dns_settings" class="table">
 	<thead>
@@ -57,6 +70,18 @@
 
 <script>
 function show_external_dns() {
+  api(
+    "/dns/zones",
+    "GET",
+    { },
+    function(data) {
+        var zones = $('#downloadZonefile');
+        zones.text('');
+        for (var j = 0; j < data.length; j++) {
+            zones.append($('<option/>').text(data[j]));
+        }
+    });
+
   $('#external_dns_settings tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/dns/dump",
@@ -84,4 +109,19 @@ function show_external_dns() {
       }
     })
 }
+
+function do_download_zonefile() {
+    var zone = $('#downloadZonefile').val();
+
+    api(
+        "/dns/zonefile/"+ zone,
+        "GET",
+        {},
+        function(data) {
+            show_modal_error("Download Zonefile", $("<pre/>").text(data));
+        },
+        function(err) {
+            show_modal_error("Download Zonefile (Error)", $("<pre/>").text(err));
+        });
+}
 </script>