Ah! That's rather easy to achieve, and we actually do it all the time. There are (at least) two ways you can achieve this:
1. Set up a caching, recursively resolving nameserver somewhere on your network (for us it's our central router/firewall/security appliance that comes with said nameserver). In that nameserver instance set up request routing so that requests to your UCS domain are forwarded to the UCS DC Master. Then configure DHCP (and IPv6 SLAAC if you're using IPv6) to distribute that other nameserver as the nameserver to use.
2. Similar to 1: set up a recursively resolving nameserver somewhere on your network. Then configure that nameserver to be a slave for your UCS domain. Here you obviously need to configure the DC Master to allow transfers to that server. Again distribute the other nameserver via DHCP.
I'm using method 1 all the time including in our production network. The drawback during outages of the DC Master is that entries for the local UCS domain are only resolvable as long as they're cached.
About method 2: I haven't used that method myself yet, but it should be easy enough to set up. The DC Master's zone is already configured as "type master;". Now all you have to do is to add appropriate "allow-transfer" stanzas in "/etc/bind/named.conf.local" (which isn't managed by UCS' templating mechanism). The advantage is obviously that a DNS slave will allow for much longer outages of the DNS master (hours or days) before it starts to consider its data to be stale.
An easy way to achieve method 2 should be to use a UCS DC Slave server for that job. It contains a copy of the whole LDAP (and it is synchronized with the DC Master automatically), its DNS server uses its local LDAP, and it should therefore work without the DC Master just fine.
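
The two methods from the post above, sketched as generic BIND 9 configuration. This is an added example, not part of the original post and not UCS' own configuration; the zone name `ucs.example`, the addresses `192.0.2.10` (DC Master) and `192.0.2.53` (the other nameserver) and the zone file name are placeholders, and how UCS declares its own zone is not shown on the page.

```conf
// ---- On the other (recursive) nameserver: use ONE of the two zone blocks ----

// Method 1: forward queries for the UCS domain to the DC Master.
// Answers are only available from cache while the DC Master is down.
zone "ucs.example" {
    type forward;
    forward only;                     // never fall back to public recursion for this zone
    forwarders { 192.0.2.10; };       // placeholder: DC Master
};

// Method 2: hold a full copy of the zone as a slave.
// zone "ucs.example" {
//     type slave;
//     masters { 192.0.2.10; };       // placeholder: DC Master
//     file "db.ucs.example";         // placeholder file name for the local copy
//     allow-transfer { none; };      // do not re-export the zone from this server
// };

// ---- On the DC Master (method 2 only) ----

// Permit zone transfers to the one secondary only, not to "any":
// a full transfer hands out every host name in the domain.
acl "ucs-secondaries" { 192.0.2.53; };   // placeholder: the other nameserver

// Added inside the existing master zone definition (generic BIND 9 form):
// zone "ucs.example" {
//     type master;
//     ...
//     allow-transfer { ucs-secondaries; };
// };
```

After a reload, `dig @192.0.2.10 ucs.example AXFR` should succeed from the secondary's address and be refused from any other host.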