Version 9.8.0b1 of BIND brings with it a new zone type, which IIRC was developed by the DeNIC. It is called a static-stub, and it allows an administrator to force queries for a particular zone to go to specified addresses instead of BIND recursing for the name server records of that zone.

So, for example, suppose you have a zone called uno.aa and you want BIND to direct queries at your name server located at mynameserver.example.com, you’d set up a static-stub zone as

    zone "uno.aa" {
      type static-stub;
      server-names {
        "mynameserver.example.com";
      };    
      // server-addresses {
      //    192.168.1.2;
      // };
    }
    

Instead of using server-names, you can use server-addresses.

So, I hear you asking, what’s the difference between static-stub and a forwarding zone? The difference is that with the former, BIND sends non- recursive queries (RD bit clear), whereas with the latter, the RD (recursion desired) is set.

Oh, and to forestall a question: yes, DNSSEC-signed zones work as well. Simply add your key material to the trusted-keys configuration, and Bob’s your uncle.

    trusted-keys {
      uno.aa 257 3 7 
      "AwEAAQsF/yU47wzGZ8ZmUTFfxSeHuvpEMqZ5ZL8C58njeHkvBBRpScu0
      ...
      tzyvx1hWsXaFfj8kdjQgLKWGcSpBO1/s/PPPtx+YiAsGlh2X+fVoxJ8O
      373hlGWRRBjKXnc=";
    };
    

Very practical for testing, at the moment.