diff --git a/Knot.files b/Knot.files
index c73c12c56c1e7d53d52a3882431cccdbea1e465b..b001892e07e9792f8e64ba27e9ddb15bdc105ad4 100644
--- a/Knot.files
+++ b/Knot.files
@@ -144,6 +144,7 @@ src/libknot/dname.c
 src/libknot/dname.h
 src/libknot/dnssec/key.c
 src/libknot/dnssec/key.h
+src/libknot/dnssec/nsec-bitmap.h
 src/libknot/dnssec/nsec3.c
 src/libknot/dnssec/nsec3.h
 src/libknot/dnssec/sig0.c
diff --git a/src/Makefile.am b/src/Makefile.am
index 788c189852b23c84095583bcf5a9a39f3973a9a8..cdd415fe367b2578df4f82754101fac1d8f8c83f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -165,6 +165,7 @@ libknot_la_SOURCES =				\
 	libknot/binary.c			\
 	libknot/dnssec/key.c			\
 	libknot/dnssec/key.h			\
+	libknot/dnssec/nsec-bitmap.h		\
 	libknot/dnssec/nsec3.c			\
 	libknot/dnssec/nsec3.h			\
 	libknot/dnssec/sig0.c			\
diff --git a/src/libknot/dnssec/nsec-bitmap.h b/src/libknot/dnssec/nsec-bitmap.h
new file mode 100644
index 0000000000000000000000000000000000000000..ad946cad080215f503c7903a26c7e15b72c4f88c
--- /dev/null
+++ b/src/libknot/dnssec/nsec-bitmap.h
@@ -0,0 +1,127 @@
+/*  Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/*!
+ * \file nsec-bitmap.h
+ *
+ * \author Jan Vcelak <jan.vcelak@nic.cz>
+ *
+ * \brief RR bitmap used in NSEC/NSEC3 records (RFC 4034).
+ *
+ * \addtogroup dnssec
+ * @{
+ */
+
+#ifndef _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
+#define _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
+
+#include <stdint.h>
+#include <string.h>
+#include "libknot/rrset.h"
+
+#define BITMAP_WINDOW_SIZE 256
+#define BITMAP_WINDOW_BYTES (BITMAP_WINDOW_SIZE/CHAR_BIT)
+#define BITMAP_WINDOW_COUNT 256
+
+/*!
+ * \brief One window of a bitmap.
+ */
+typedef struct {
+	uint8_t used;
+	uint8_t data[BITMAP_WINDOW_BYTES];
+} bitmap_window_t;
+
+/*!
+ * \brief Bitmap of RR types.
+ */
+typedef struct {
+	int used;
+	bitmap_window_t windows[BITMAP_WINDOW_COUNT];
+} bitmap_t;
+
+/*!
+ * \brief Add one RR type into the bitmap.
+ */
+inline static void bitmap_add_type(bitmap_t *bitmap, uint16_t type)
+{
+	int win = type / BITMAP_WINDOW_SIZE;
+	int bit = type % BITMAP_WINDOW_SIZE;
+
+	if (bitmap->used <= win)
+		bitmap->used = win + 1;
+
+	int win_byte = bit / CHAR_BIT;
+	int win_bit  = bit % CHAR_BIT;
+
+	bitmap_window_t *window = &bitmap->windows[win];
+	window->data[win_byte] |= 0x80 >> win_bit;
+	if (window->used <= win_byte)
+		window->used = win_byte + 1;
+}
+
+/*!
+ * \brief Add all RR types from a RR set into the bitmap.
+ */
+inline static void bitmap_add_rrset(bitmap_t *bitmap, knot_rrset_t *rrset[],
+                             int rrset_count)
+{
+	for (int i = 0; i < rrset_count; i++) {
+		bitmap_add_type(bitmap, rrset[i]->type);
+	}
+}
+
+/*!
+ * \brief Compute the size of the bitmap in NSEC RDATA format.
+ */
+inline static size_t bitmap_size(const bitmap_t *bitmap)
+{
+	size_t result = 0;
+
+	for (int i = 0; i < bitmap->used; i++) {
+		int used = bitmap->windows[i].used;
+		if (used == 0)
+			continue;
+
+		result += 2 + used; // windows number, window size, data
+	}
+
+	return result;
+}
+
+/*!
+ * \brief Write bitmap in NSEC RDATA format.
+ */
+inline static void bitmap_write(const bitmap_t *bitmap, uint8_t *output)
+{
+	uint8_t *write_ptr = output;
+	for (int win = 0; win < bitmap->used; win++) {
+		int used = bitmap->windows[win].used;
+		if (used == 0)
+			continue;
+
+		*write_ptr = (uint8_t)win;
+		write_ptr += 1;
+
+		*write_ptr = (uint8_t)used;
+		write_ptr += 1;
+
+		memcpy(write_ptr, bitmap->windows[win].data, used);
+		write_ptr += used;
+	}
+}
+
+#endif // _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
+
+/*! @} */
diff --git a/src/libknot/dnssec/zone-nsec.c b/src/libknot/dnssec/zone-nsec.c
index b7f642a6a73d88647fe032e9414aa895980fb44e..da22714c23692f0b091861765efb098b466a2c07 100644
--- a/src/libknot/dnssec/zone-nsec.c
+++ b/src/libknot/dnssec/zone-nsec.c
@@ -23,103 +23,11 @@
 
 #include "common/base32hex.c"
 #include "common/descriptor.h"
-#include "nsec3.h"
-#include "util/utils.h"
-#include "zone/zone-contents.h"
-#include "zone-nsec.h"
-
-/* - RR types bitmap -- RFC 4034 ------------------------------------------- */
-
-#define BITMAP_WINDOW_SIZE 256
-#define BITMAP_WINDOW_BYTES (BITMAP_WINDOW_SIZE/CHAR_BIT)
-#define BITMAP_WINDOW_COUNT 256
-
-/*!
- * \brief One window of a bitmap.
- */
-typedef struct {
-	uint8_t used;
-	uint8_t data[BITMAP_WINDOW_BYTES];
-} bitmap_window_t;
-
-/*!
- * \brief Bitmap of RR types.
- */
-typedef struct {
-	int used;
-	bitmap_window_t windows[BITMAP_WINDOW_COUNT];
-} bitmap_t;
-
-/*!
- * \brief Add one RR type into the bitmap.
- */
-static void bitmap_add_type(bitmap_t *bitmap, uint16_t type)
-{
-	int win = type / BITMAP_WINDOW_SIZE;
-	int bit = type % BITMAP_WINDOW_SIZE;
-
-	if (bitmap->used <= win)
-		bitmap->used = win + 1;
-
-	int win_byte = bit / CHAR_BIT;
-	int win_bit  = bit % CHAR_BIT;
-
-	bitmap_window_t *window = &bitmap->windows[win];
-	window->data[win_byte] |= 0x80 >> win_bit;
-	if (window->used <= win_byte)
-		window->used = win_byte + 1;
-}
-
-/*!
- * \brief Add all RR types from a RR set into the bitmap.
- */
-static void bitmap_add_rrset(bitmap_t *bitmap, knot_rrset_t *rrset[],
-                             int rrset_count)
-{
-	for (int i = 0; i < rrset_count; i++) {
-		bitmap_add_type(bitmap, rrset[i]->type);
-	}
-}
-
-/*!
- * \brief Compute the size of the bitmap in NSEC RDATA format.
- */
-static size_t bitmap_size(const bitmap_t *bitmap)
-{
-	size_t result = 0;
-
-	for (int i = 0; i < bitmap->used; i++) {
-		int used = bitmap->windows[i].used;
-		if (used == 0)
-			continue;
-
-		result += 2 + used; // windows number, window size, data
-	}
-
-	return result;
-}
-
-/*!
- * \brief Write bitmap in NSEC RDATA format.
- */
-static void bitmap_write(const bitmap_t *bitmap, uint8_t *output)
-{
-	uint8_t *write_ptr = output;
-	for (int win = 0; win < bitmap->used; win++) {
-		int used = bitmap->windows[win].used;
-		if (used == 0)
-			continue;
-
-		*write_ptr = (uint8_t)win;
-		write_ptr += 1;
-
-		*write_ptr = (uint8_t)used;
-		write_ptr += 1;
-
-		memcpy(write_ptr, bitmap->windows[win].data, used);
-		write_ptr += used;
-	}
-}
+#include "libknot/dnssec/nsec-bitmap.h"
+#include "libknot/dnssec/nsec3.h"
+#include "libknot/dnssec/zone-nsec.h"
+#include "libknot/util/utils.h"
+#include "libknot/zone/zone-contents.h"
 
 /* - NSEC chain iteration -------------------------------------------------- */