7.5.1 Problem
You want to set up a stealth slave name server, one that isn't queried by remote name servers.
7.5.2 Solution
Configure the name server as you would any other slave, but don't include it in the NS records for the zone (or zones) it's authoritative for.
7.5.3 Discussion
A stealth slave name server is a close cousin of a hidden primary master. Like a hidden primary, a stealth slave isn't included in the NS records for the zone it's authoritative for. Other than that, though, it has the same configuration as any other slave name server for that zone.
The function of a stealth slave name server may not be as obvious as that of a hidden primary. A hidden primary's benefit -- making it possible to manage a zone without the burden of serving queries for the zone -- doesn't apply to a stealth slave. So what's a stealth slave for?
Sometimes, you need another authoritative name server for a zone to serve some group of resolvers. Say you need a name server on a particular subnet, to serve the local resolvers. All of the subnet's resolvers live in the same zone, so they'll probably generate lots of queries for domain names in that zone. Shouldn't their local name server be authoritative for the zone?
But what if you already have as many NS records for the zone as you can fit in a UDP-based DNS message (usually 10 or 11)? Or what if you don't want remote name servers to query the new slave, because the subnet it's on isn't well-connected to the rest of the network? Just don't list it in the zone's NS records: remote name servers won't follow delegation to it, but you can configure local resolvers to query it directly.
Since the slave isn't in the list of NS records for the zone, the zone's other authoritative name servers won't send it NOTIFY messages by default. You'll have to configure the stealth slave's master name server to send it NOTIFY messages; for instructions, see Section 3.13.
7.5.4 See Also
Section 3.13 for configuring the stealth slave's master name server to send NOTIFY messages to the stealth slave.
Getting Started
Zone Data
BIND Name Server Configuration
Electronic Mail
BIND Name Server Operations
Delegation and Registration
Security
Interoperability and Upgrading
Resolvers and Programming
Logging and Troubleshooting
IPv6