https://calomel.org/nsd_dns.html
NSD is lightweight and faster and simpler to configure than bind. It doesn't support dynamic dns update, so in my case I use it as a secondary dns server:
apt-get install nsd
Here's a config for a secondary dns receiving notify and issuing AXFR transfer using a hmac-sha512 key (symetric secret key shared with the primary server).
server: ip-address: 0.0.0.0 ip-address: :: port: 53 server-count: 1 ip4-only: yes hide-version: yes identity: "" zonesdir: "/etc/nsd" verbosity: 3 key: name: "schwarz.in.philpep.org." algorithm: hmac-sha512 secret: "XXX XXX==" zone: name: philpep.org zonefile: philpep.org allow-notify: 192.168.62.2 schwarz.in.philpep.org. request-xfr: AXFR 192.168.62.2@53 schwarz.in.philpep.org.