So it took a few months, but I finally got around to converting my DNS slave. It took about an hour to play around with NSD and figure out how to make it read from a BIND master. And the actual cutover was less than five minutes.
Probably the part I like best is how clean the config file is. Take a look at this:
    server:
        ip-address: 0.0.0.0
        do-ip4: yes
        do-ip6: no
        logfile: "/var/log/nsd.log"

    # enable the nsd-control interface
    remote-control:
        control-enable: yes

    # TSIG key shared with the master
    key:
        name: MYKEY
        algorithm: hmac-md5
        secret: "my+secret+in+base64="

    zone:
        name: example.org
        zonefile: /var/db/nsd/example.org
        # pull the zone from the master at 1.2.3.4, signed with MYKEY
        request-xfr: 1.2.3.4 MYKEY
It's insane how easy this was. Sometime soon I will update my master and then I'll be done with BIND for good.
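A small audit of the TSIG settings in a config like the one above, added here as an example and not part of the original post or of NSD. The function names are hypothetical, and it assumes one option per line and treats hmac-md5 and hmac-sha1 as legacy algorithms.

```python
# Added example: audit TSIG use in an nsd.conf laid out one option per line.
LEGACY_TSIG = {"hmac-md5", "hmac-sha1"}  # assumption: both treated as legacy

# The key and zone sections from the post's config.
SAMPLE_CONF = """\
key:
    name: MYKEY
    algorithm: hmac-md5
    secret: "my+secret+in+base64="
zone:
    name: example.org
    zonefile: /var/db/nsd/example.org
    request-xfr: 1.2.3.4 MYKEY
"""

def parse_nsd_conf(text):
    """Return [(section, {option: [values]})] in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                       # "key:" or "zone:" opens a section
            sections.append((name.strip(), {}))
        elif sections:
            sections[-1][1].setdefault(name.strip(), []).append(value)
    return sections

def audit(text):
    """Return a list of findings about TSIG keys and zone ACLs."""
    sections, findings, algos = parse_nsd_conf(text), [], {}
    for kind, opts in sections:
        if kind == "key":
            name = opts.get("name", ["?"])[0]
            algos[name] = opts.get("algorithm", [""])[0].lower()
            if algos[name] in LEGACY_TSIG:
                findings.append(f"key {name}: legacy TSIG algorithm {algos[name]}")
    for opts in (o for k, o in sections if k == "zone"):
        zone = opts.get("name", ["?"])[0]
        for opt in ("request-xfr", "allow-notify"):
            for value in opts.get(opt, []):
                key = value.split()[-1]     # last field is the key name or NOKEY
                if key == "NOKEY":
                    findings.append(f"zone {zone}: {opt} without TSIG ({value})")
                elif key != "BLOCKED" and key not in algos:
                    findings.append(f"zone {zone}: {opt} uses undefined key {key}")
    return findings
```

With `algorithm: hmac-sha256` (and the same change to the key on the master) the sample produces no findings.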