There are very good reasons to have recursive lookups go through BIND, notably the ability to filter and rate limit external queries. In the current age where the favorite DoS attack seems to be DNS amplification, this is critical. Also, you might be justifiably concerned about having your AD domain controllers relatively open on the Internet.
You can set up zone transfers to only be allowed to your secondary. That should make you feel better about the xfer.
You still should have at least two domain controllers, but not so that one is available for external lookups.
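A `named.conf` sketch of the measures mentioned in the post above (recursion limited to internal clients, response rate limiting, zone transfers allowed only to the secondary). This is an added example, not the poster's configuration; the ACL names, addresses, zone name, file paths and rate values are assumed placeholders.

```conf
// Constructed example: every address, name and number below is a placeholder.
acl "internal"  { 127.0.0.1; 10.0.0.0/8; };   // assumed internal client range
acl "secondary" { 192.0.2.53; };              // assumed secondary name server

options {
    directory "/var/named";

    // Recursion and cached answers only for internal clients, so external
    // hosts cannot use this server as an open resolver.
    recursion yes;
    allow-recursion   { "internal"; };
    allow-query-cache { "internal"; };

    // Default for every zone: no transfers unless a zone overrides it.
    allow-transfer { none; };

    // Response rate limiting: caps identical responses per client netblock,
    // which limits the server's value as a DNS amplification reflector.
    rate-limit {
        responses-per-second 10;          // assumed starting value, tune to traffic
        window 5;                         // seconds over which rates are averaged
        slip 2;                           // every 2nd limited reply is a truncated answer
        exempt-clients { "internal"; };   // do not rate limit internal clients
    };
};

zone "example.com" {
    type primary;                         // "master" on BIND older than 9.16
    file "example.com.zone";
    allow-query    { any; };              // authoritative answers stay public
    allow-transfer { "secondary"; };      // transfers only to the secondary
    notify yes;
};
```

Run `named-checkconf` against the file before reloading to catch syntax errors.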