Comment 3 for bug 1875939

just initial thought for the https://bugs.launchpad.net/designate/+bug/1852902
When the user add TSIG key to a zone and the backend is BIND, PDNS then using command line Nsupdate, and PDNS api (depend on dns server version) the tsig key will be added to backend plugin
A designate configuration can be added to enable/disable this feature and it will be disabled by default for backward compatibility

for the split view:

Solution 1.
I was working on this before https://review.opendev.org/#/c/693583/
which add the concept of internal/external view to the recordset so when an AXFR/also-notify happens for the recordset it will choose the right tsig-key, or response with the correct recordsets based on the tsig-key
for example if the recordset is marked external, external tsig-key is used for also-notify and this recordset will appear in the external view in AXFR if the external tsig-key is used

but before u said before u need more details about it (if this is ok i can provide more details)

Solution 2:
A new Type of zones is created called split-view when the user create a split-view zone designate will do the following
    * Create two zones in the backend
          Zone-internal
          Zone-external
    * Create two tsig-keys and attach them to the zone
          Internal-tsig key
          External-tsig key
    * In the backend plugin attach tsig-key to corresponding zone (internal/external)
    * AXFR/also-notify will be handled by the backend plugin

what do u think about each direction ( each one has cons/pros )

the idea with designate and split-view the user should know only one zone example.com. (not multiple internal / external zones)

am sending this to point me in the right direction so i can begin writing detailed SPEC