Well, to do stuff with BIND is another thing than understanding an existing configuration.
Personally, I find BIND horrific. I tried to implement DNS-over-TLS (or DNS-over-HTTPS, I dunno), but it kept not working, without ANY info in the logs, even though I had it set for "debug". I'm thinking of switching to NSD, the "counterpart" of Unbound (where Unbound is a resolver and NSD is an authoritative DNS server).
Feedback received. I regret not looking for the -v flag. Probably all I needed. Obviously there was no SOA record and with some more careful attention on my part (even during this thread) I would have realized it's tied in with the files in /var/lib/bind and local conf file. The rest was just noise that sent me the wrong way. I am the next admin. This will be documented.