We need a strategy for allowing zone transfers from a BIND9 server (as a
  secondary server) to the designate mDNS (the primary DNS server in this 
role) when it is not possible to create a direct link through a network 
attachment.

MetalLB is a possiblility but I do not know if the way MetalLB is 
implemented will result in a connection with an unexpected endpoint IP which BIND9 will reject. I'm looking for options as well as confirmation that:

• Does BIND9 only accepts zone data from primary DNS servers listed in the 
  initial zone data provided by rndc command?
• Will Two way TCP connections over MetalLB appear to BIND9 server as being 
  from the IP address from which it initiated the connection?
• Does designate designate use UDP to send
   DNS NOTIFY messages from designate mDNS to the BIND9 servers?
• How do I setup a test scenario to test this behaviour and experiment with 
  different options?