=================
named.conf on .36:

// Global options for the name server on .36.
options {
// Working directory; relative file names are resolved against it.
// NOTE(review): using /etc makes the system configuration directory named's
// working directory. A dedicated directory (as /var/named/ on .37) lets file
// permissions be scoped to the named user alone.
directory "/etc";
pid-file "/var/run/named/named.pid";
// Send recursive lookups to the forwarder first; fall back to normal
// iterative resolution if the forwarder does not answer.
forward first;
forwarders {
212.40.0.10;
};
// NOTE(review): no allow-query, allow-recursion or allow-transfer is set here,
// so BIND's built-in defaults apply. Depending on the BIND version those
// defaults can permit recursion and zone transfers for any client; explicit
// ACLs, as in named.custom on .37, make the exposure visible and reviewable.
};

// Root hints: the bootstrap list of root name servers, read from /etc/db.cache.
zone "." {
type hint;
file "/etc/db.cache";
};


// Authoritative (master) copy of document.ch, loaded from the file below.
// NOTE(review): neither this zone nor the options block sets allow-transfer.
// On many BIND versions that means AXFR is answered for any requester, which
// discloses the full zone contents. If 195.141.143.37 is the intended
// secondary, restrict transfers to it, preferably by TSIG key rather than by
// address alone.
zone "document.ch" {
type master;
file "/etc/document.ch.hosts";
};
// Per-peer settings for 195.141.143.37. The block is empty, so no key is
// associated with that peer and requests sent to it are not TSIG-signed.
// NOTE(review): if signed traffic to .37 is intended, this needs a
// "keys { rndckey; };" clause, and the key is conventionally defined before
// the server statement that refers to it.
server 195.141.143.37 {
};
// Shared-secret key definition.
// NOTE(review): hmac-md5 is deprecated for TSIG; prefer hmac-sha256 where both
// ends support it. The secret is stored inline, so this named.conf must be
// readable only by root and the named user. The name suggests the rndc control
// key; using a separate key for server-to-server signing limits the damage if
// either secret leaks. The value shown looks like a redacted placeholder.
key "rndckey" {
algorithm hmac-md5;
secret "blah";
};

=================
named.conf on .37:

// Pull in the options block (named.custom) and the key file.
// NOTE(review): /etc/rndc.key is not shown; presumably it defines "rndckey",
// which the server statement below refers to. It holds a shared secret, so it
// should be readable only by root and the named user.
include "/etc/named.custom";
include "/etc/rndc.key";

// Sign requests sent to 195.141.143.37 with the key "rndckey" (TSIG).
// NOTE(review): per the heading this file lives on .37, so the statement names
// what appears to be this host's own address. If the goal is signed traffic
// with the other server, the peer here would presumably be 195.141.143.36,
// with a matching keys clause on that side. Confirm before relying on TSIG.
server 195.141.143.37 {
keys {
rndckey;
};
};




// Defines a log channel that sends messages of severity info and above to
// syslog, using the syslog facility named "syslog".
// NOTE(review): no category statement routes anything to named_log, so as
// shown the channel is unused. Routing at least the security and xfer-out
// categories to it gives an audit trail for denied queries and zone transfers.
logging {
channel named_log {
syslog syslog;
severity info;
};
};

// Root hints (class IN): the bootstrap list of root name servers, read from
// /etc/root.cache.
zone "." in {
type hint;
file "/etc/root.cache";
};

=================
named.custom on .37:

// Global options for the name server on .37 (included from its named.conf).
options {
// Working directory; relative file names are resolved against it.
directory "/var/named/";
// Try the forwarders first; fall back to iterative resolution if they fail.
forward first;
forwarders {
194.158.230.53;
194.158.230.54;
};
// NOTE(review): "port 53" pins the source port of every outgoing query.
// Source-port randomization is a primary defence against cache poisoning, so
// a fixed port makes spoofed answers much easier to land. Drop the port clause
// unless a firewall rule strictly requires it, and prefer fixing the firewall.
query-source address * port 53;
// Send NOTIFY messages when a zone this server is authoritative for changes.
notify yes;
// Listen only on loopback and the public IPv4 address; IPv6 is disabled.
listen-on port 53 { 127.0.0.1; 195.141.143.37; };
listen-on-v6 { none; };
// Queries and recursion are limited to this host and 195.141.143.36.
allow-query { 127.0.0.1; 195.141.143.36; };
allow-recursion { 127.0.0.1; 195.141.143.36; };
// Zone transfers are allowed to 195.141.143.36 only.
// NOTE(review): this is an address-based check; requiring a TSIG key in the
// ACL is stronger, because a source address can be spoofed or reassigned.
allow-transfer {
195.141.143.36;
};
// Do not set the AA bit on NXDOMAIN answers that come from the cache.
auth-nxdomain no;
// Replaces the version string returned for version.bind queries. This only
// hides the banner; it does not replace keeping BIND patched.
version "Hmmmm...";
};


rndc.key is the same on both machines.