After reviewing http://www.cymru.com/Documents/secur...-template.html
and learning of chrooted named environments, I figure this may be a good way to set up a Split DNS system. To do this, I would create two chrooted environments for bind, one called /jail/bind.ext (external) and one called /jail.int (internal). Then I could allow the internal DNS server to query the external for anything, which would then forward the requests up to my ISP's DNS servers first (forward first on external, forward only on internal), as well as set up a local domain by creating a master zone file. My external DNS server would allow queries from the internal DNS server for forwarding, as well as queries for my public domain from any host. So, if I understand what I'm wanting to do correctly, in the end I would have two servers, both having master zone files, both in a secure and separate environment within the system.
Any extra thoughts?
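
The layout described in the post above, sketched as two named.conf files (an added example, not part of the original post and not taken from the linked template). All addresses, zone names and file names are constructed placeholders, and pinning the internal instance's source address with `query-source` is an assumption made so the external ACL matches when both instances run on one host.

```conf
// ---- external instance: named.conf inside the /jail/bind.ext chroot ----
// All addresses, zone names and file names below are constructed placeholders.
acl "internal-resolver" { 10.0.0.53; };          // source address of the internal instance

options {
    directory "/var/named";                      // resolved relative to the chroot root
    pid-file "/var/run/named-ext.pid";
    listen-on { 192.0.2.53; };                   // public-facing address only
    forwarders { 198.51.100.1; 198.51.100.2; };  // ISP resolvers
    forward first;                               // try the ISP, then iterate from the roots
    recursion yes;
    allow-recursion { "internal-resolver"; };    // no other client gets recursion
    allow-query { "internal-resolver"; };        // default for anything not overridden below
    allow-transfer { none; };
};

zone "example.com" {                             // public domain
    type master;
    file "master/example.com.zone";
    allow-query { any; };                        // authoritative answers for any host
};

// ---- internal instance: named.conf inside the internal chroot ----
acl "lan" { 10.0.0.0/24; 127.0.0.1; };

options {
    directory "/var/named";
    pid-file "/var/run/named-int.pid";
    listen-on { 10.0.0.53; };                    // LAN-facing address only
    query-source address 10.0.0.53;              // assumption: pin source so the external ACL matches
    forwarders { 192.0.2.53; };                  // the external instance
    forward only;                                // never iterate on its own
    recursion yes;
    allow-recursion { "lan"; };
    allow-query { "lan"; };
    allow-transfer { none; };
};

zone "internal.example" {                        // local-only domain, never forwarded
    type master;
    file "master/internal.example.zone";
};
```

Each instance is started with its own `named -t <jail> -u <unprivileged user>`, and `named-checkconf -t <jail>` validates a file against the same chroot before a restart.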