diff --git a/Dockerfile b/Dockerfile
index 5a64c720..84fc658f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,6 +6,7 @@ RUN apk update -f \
   coreutils \
   curl \
   socat \
+  bind-tools \
   && rm -rf /var/cache/apk/*
 
 ENV LE_CONFIG_HOME /acme.sh
diff --git a/dnsapi/dns_inwx.sh b/dnsapi/dns_inwx.sh
index cd5af91b..f4590cf8 100755
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@@ -158,7 +158,8 @@ _inwx_login() {
   export _H1
 
   #https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71
-  if _contains "$response" "tfa"; then
+  if _contains "$response" "<member><name>code</name><value><int>1000</int></value></member>" \
+    && _contains "$response" "<member><name>tfa</name><value><string>GOOGLE-AUTH</string></value></member>"; then
     if [ -z "$INWX_Shared_Secret" ]; then
       _err "Mobile TAN detected."
       _err "Please define a shared secret."
diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh
index 555f4d29..4437ab9b 100755
--- a/dnsapi/dns_nsupdate.sh
+++ b/dnsapi/dns_nsupdate.sh
@@ -1,6 +1,9 @@
 #!/usr/bin/env sh
 
 ########  Public functions #####################
+ECHO=$(command -v echo)
+NSUPDATE=$(command -v nsupdate)
+NSUPDATE_COMMANDS_FILE="/tmp/nsupdate"
 
 #Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 dns_nsupdate_add() {
@@ -13,17 +16,26 @@ dns_nsupdate_add() {
   _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
   _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
   _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
+  if ! [ -z "$NSUPDATE_ZONE" ]; then
+    _saveaccountconf NSUPDATE_ZONE "${NSUPDATE_ZONE}"
+  fi
   _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
-  nsupdate -k "${NSUPDATE_KEY}" <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT} 
-update add ${fulldomain}. 60 in txt "${txtvalue}"
-send
-EOF
-  if [ $? -ne 0 ]; then
+
+  $ECHO "server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}" >${NSUPDATE_COMMANDS_FILE}
+  if ! [ -z "$NSUPDATE_ZONE" ]; then
+    $ECHO "zone ${NSUPDATE_ZONE}" >>${NSUPDATE_COMMANDS_FILE}
+  fi
+  $ECHO "update add ${fulldomain}. 60 in txt \"${txtvalue}\"" >>${NSUPDATE_COMMANDS_FILE}
+  $ECHO "send" >>${NSUPDATE_COMMANDS_FILE}
+
+  _debug "$(cat ${NSUPDATE_COMMANDS_FILE})"
+
+  if ! $NSUPDATE -k "${NSUPDATE_KEY}" -v ${NSUPDATE_COMMANDS_FILE}; then
     _err "error updating domain"
+    rm ${NSUPDATE_COMMANDS_FILE}
     return 1
   fi
-
+  rm ${NSUPDATE_COMMANDS_FILE}
   return 0
 }
 
@@ -34,16 +46,22 @@ dns_nsupdate_rm() {
   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
   _info "removing ${fulldomain}. txt"
-  nsupdate -k "${NSUPDATE_KEY}" <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT} 
-update delete ${fulldomain}. txt
-send
-EOF
-  if [ $? -ne 0 ]; then
+
+  $ECHO "server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}" >${NSUPDATE_COMMANDS_FILE}
+  if ! [ -z "$NSUPDATE_ZONE" ]; then
+    $ECHO "zone ${NSUPDATE_ZONE}" >>${NSUPDATE_COMMANDS_FILE}
+  fi
+  $ECHO "update delete ${fulldomain}. txt" >>${NSUPDATE_COMMANDS_FILE}
+  $ECHO "send" >>${NSUPDATE_COMMANDS_FILE}
+
+  _debug "$(cat ${NSUPDATE_COMMANDS_FILE})"
+
+  if ! $NSUPDATE -k "${NSUPDATE_KEY}" -v ${NSUPDATE_COMMANDS_FILE}; then
     _err "error updating domain"
+    rm ${NSUPDATE_COMMANDS_FILE}
     return 1
   fi
-
+  rm ${NSUPDATE_COMMANDS_FILE}
   return 0
 }