There are multiple multiples :) both (hidden) primary and secondaries are multiple, snapshots every 20 minutes and forward-update functionality from the secondaries with replicated tsig over powerdns api every 120 seconds. since they are static they only need to replicate once.
if you register a zone and open the snippets quickly, there is a green notification saying tsig replication underway for x amount of seconds and until that happens RFC 2136 updates are not possible but the ones that use api are available right off the bat.
Really cool stuff. Out of curiosity what made you select PowerDNS (and in general a commodity DNS server) vs. developing a custom DNS server integrating your logic (using https://github.com/miekg/dns for instance).
Cool! How did you scale-out the hidden primary? Multiple instances communicating with a single postgres?
The hidden primary has a passive node, so saying multiple multiple maybe is an overstatement :) and yes, using a single postgres container