DynDNS config with bind

OS type and version Rocky Linux 9.1
Webmin version 2.001
Virtualmin version 7.3 Pro

I’m trying to get a dyndns service to run with bind
So I created a key file with ddns-confgen -s example.com
Here I got the key and the update policy I need to add to my named.conf file
I created a key file on /dyndns/example.key

Within named.conf I added:
key ddns-key.example.com {
algorithm hmac-sha256;
secret “somesecretkey”;
and under the zone I added:
update-policy {
grant ddns-key.example.com name example.con ANY;

Before creating a script for updating I wanted to test it manually and so I did
nsupdate -k /dyndns/example.key -v << EOF
server serverip
zone example.com
update delete ddns.example.com A
update add ddns.example.com 30 A

The first run he created the entry correctly and than never again
Even had some issues so I had to run rndc -c /etc/rndc.conf sync -clean and rndc flush
Still don’t know where they came from but I saw that in rndc.key suddenly a different algorythm was used as within the named.conf for the rndc key (I put both on the same point and than did what I wrote before)

This solved some issues but at the end not the following one (no update):

client @0x7fd4a400b0c8 serverip#59867/key ddns-key.example.com: updating zone ‘example.com/IN’: update failed: rejected by secure update (REFUSED)

When I refresh the zone I get:
NDC command failed : rndc: ‘reload’ failed: dynamic zone

Any idea what I maybe doing wrong??
I must admit I’m new to this bind stuff and so I’m reading a lot about it but for the moment I can’t find any solution :confused:

Many thanks in advance as always