BIND for Active Directory with secure update

Vbvbrj vbvbrj at gmail.com
Fri Dec 9 19:07:35 UTC 2011


Hello.

I've set up BIND to serve requests to the LAN instead of Microsoft DNS by 
first setting BIND as a secondary DNS server for Microsoft DNS, copying the 
zones, and making BIND the master. In order for domain member hosts 
to update the records of their names in DNS, I allow unsecure 
updates from the LAN computers. It's a security threat of poisoning the 
DNS. I would like to set up a secure update by the domain servers. On the 
internet I read about using "allow-update" with a key file. But I didn't 
find a page on how to get the key from the Active Directory Kerberos 
system. Could anyone point me to how to set up the secure update to BIND with 
a key from the already deployed Active Directory?

BIND is running under Windows.


