diff --git a/letsencrypt/CHANGELOG.md b/letsencrypt/CHANGELOG.md
index 2bbc04ef5bd..a62970353ad 100644
--- a/letsencrypt/CHANGELOG.md
+++ b/letsencrypt/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.2.11
+
+- Add rfc2136_sign_query parameter to config.yaml
+
 ## 5.2.10
 
 - Add transip global_key parameter to config.yaml
diff --git a/letsencrypt/DOCS.md b/letsencrypt/DOCS.md
index 6bfec051489..7a4265d0d4d 100644
--- a/letsencrypt/DOCS.md
+++ b/letsencrypt/DOCS.md
@@ -137,6 +137,7 @@ rfc2136_port: ''
 rfc2136_name: ''
 rfc2136_secret: ''
 rfc2136_algorithm: ''
+rfc2136_sign_query: ''
 aws_access_key_id: ''
 aws_secret_access_key: ''
 sakuracloud_api_token: ''
@@ -782,6 +783,8 @@ An example configuration:
     rfc2136_name: letsencrypt
     rfc2136_secret: "secret-key"
     rfc2136_algorithm: HMAC-SHA512
+    # Optional: Enable TSIG key signing for DNS queries (useful for BIND multiple views)
+    rfc2136_sign_query: true
   ```
 
 </details>
diff --git a/letsencrypt/config.yaml b/letsencrypt/config.yaml
index 30248cc5fea..7cb506c41c4 100644
--- a/letsencrypt/config.yaml
+++ b/letsencrypt/config.yaml
@@ -1,5 +1,5 @@
 ---
-version: 5.2.10
+version: 5.2.11
 slug: letsencrypt
 name: Let's Encrypt
 description: Manage certificate from Let's Encrypt
@@ -116,6 +116,7 @@ schema:
     rfc2136_port: str?
     rfc2136_secret: str?
     rfc2136_server: str?
+    rfc2136_sign_query: bool
     sakuracloud_api_secret: str?
     sakuracloud_api_token: str?
     transip_api_key: str?
diff --git a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
index 9cbdd7734f1..17e91b7455d 100755
--- a/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
+++ b/letsencrypt/rootfs/etc/cont-init.d/file-structure.sh
@@ -60,6 +60,7 @@ echo -e "dns_desec_token = $(bashio::config 'dns.desec_token')\n" \
       "dns_rfc2136_name = $(bashio::config 'dns.rfc2136_name')\n" \
       "dns_rfc2136_secret = $(bashio::config 'dns.rfc2136_secret')\n" \
       "dns_rfc2136_algorithm = $(bashio::config 'dns.rfc2136_algorithm')\n" \
+      "dns_rfc2136_sign_query = $(bashio::config 'dns.rfc2136_sign_query')\n" \
       "aws_access_key_id = $(bashio::config 'dns.aws_access_key_id')\n" \
       "aws_secret_access_key = $(bashio::config 'dns.aws_secret_access_key')\n" \
       "dns_sakuracloud_api_token = $(bashio::config 'dns.sakuracloud_api_token')\n" \