feature consultation -- per-zone initiator-side tsig keys

Paul Vixie vixie at isc.org
Mon Dec 15 23:16:07 UTC 2008


for reasons i won't go into, bind's configuration of tsig keys has an
unfortunate asymmetry.  responders can specify what key has to be used
at a per-zone level, while requestors can only specify what key is to
be used at a per-responder level.  this makes it impossible for someone
to use key K1 when talking to server S about zone Z1, yet use key K2
when talking to the same server S about zone Z2.

i was thinking of a simple syntax change and couldn't find one, so i'm
currently thinking of a relatively complicated syntax change, which is
to clone the "server" statement and call the clone "zone-server".  so
whereas "server" takes one selector (the server address or ip prefix),
the "zone-server" statement would take two selectors, one being a zone
name and the other being the server address or ip prefix.

the logic would just be, when about to search for a "server" statement,
first search for a "zone-server" statement matching the zone you're
acting on behalf of.  if there's a "zone-server" statement, use it.  if
not, then search for a "server" statement in the traditional manner.  i
think, though, that this kind of thing warrants some community input,
so i'm asking for feedback, workarounds, or alternative suggestions.
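The lookup order described above, as an added illustration in Python (not code from the post or from BIND): a "zone-server" entry matching both the zone and the responder address wins, otherwise the plain "server" entry for that address applies.  The dictionary entry format and the longest-prefix tie-break among overlapping prefixes are assumptions of this example.

```python
import ipaddress


def _norm_zone(name):
    """Compare zone names case-insensitively, ignoring a trailing dot."""
    return name.rstrip(".").lower()


def _best_prefix(entries, addr):
    """Return the entry whose prefix contains addr; if several match, the
    most specific (longest) prefix wins (an assumption of this example)."""
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for entry in entries:
        net = ipaddress.ip_network(entry["prefix"], strict=False)
        if ip.version == net.version and ip in net and net.prefixlen > best_len:
            best, best_len = entry, net.prefixlen
    return best


def select_tsig_key(zone, server_addr, zone_servers, servers):
    """Requestor-side key selection in the order proposed in the post:
    first a zone-server entry for this zone and responder, then a server
    entry in the traditional per-responder manner, else no key."""
    z = _norm_zone(zone)
    candidates = [e for e in zone_servers if _norm_zone(e["zone"]) == z]
    hit = _best_prefix(candidates, server_addr)
    if hit is None:
        hit = _best_prefix(servers, server_addr)
    return hit["key"] if hit else None


# Constructed configuration: the same server S (192.0.2.53) must be
# addressed with K1 for zone Z1 and K2 for zone Z2, while any other zone
# handled by S falls back to the per-server key K0.
ZONE_SERVERS = [
    {"zone": "z1.example.", "prefix": "192.0.2.53/32", "key": "K1"},
    {"zone": "z2.example.", "prefix": "192.0.2.0/24", "key": "K2"},
]
SERVERS = [
    {"prefix": "192.0.2.0/24", "key": "K0"},
]

if __name__ == "__main__":
    for zone in ("z1.example", "z2.example", "z3.example"):
        print(zone, "->", select_tsig_key(zone, "192.0.2.53", ZONE_SERVERS, SERVERS))
```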
