diff --git a/management/dns_update.py b/management/dns_update.py
index c000f345..b79e266a 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -604,7 +604,7 @@ def get_dns_zonefile(zone, env):
 
 def write_nsd_conf(zonefiles, additional_records, env):
 	# Write the list of zones to a configuration file.
-	nsd_conf_file = "/etc/nsd/zones.conf"
+	nsd_conf_file = "/etc/nsd/nsd.conf.d/zones.conf"
 	nsdconf = ""
 
 	# Append the zones.
diff --git a/setup/dns.sh b/setup/dns.sh
index b64a6580..c8a73a73 100755
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -62,7 +62,13 @@ for ip in $PRIVATE_IP $PRIVATE_IPV6; do
 	echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
 done
 
-echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
+# Create a directory for additional configuration directives, including
+# the zones.conf file written out by our management daemon.
+echo "include: /etc/nsd/nsd.conf.d/*.conf" >> /etc/nsd/nsd.conf;
+
+# Remove the old location of zones.conf that we generate. It will
+# now be stored in /etc/nsd/nsd.conf.d.
+rm -f /etc/nsd/zones.conf
 
 # Create DNSSEC signing keys.