[Pdns-users] Please validate my PowerDNS Infrastucture proposal

[Barron, Josh]

Hello all,

Please validate my proposed PDNS based infrastucture:

Customers (and internal support technicians) will login to "PowerDNS on Rails" or "PowerAdmin" Frontend server.  This server will host PDNS (not PDNS-Recursor) but will not respond to DNS queries from the Internet.  Its only access from behind the firewall will be web-based for domain administration.  
4 other servers, geographically distributed, will be used to run PDNS and PDNS-Recursor.  I would like them configured in possibly a superslave configuration.  Basically what I'm looking for is when the "Master" server described above creates a new domain or updates a domain, it sends notifies to the slaves to update or add the zone.  I want the name servers that respond to DNS queries to be slave servers and precursors only to try to mitigate any possible poisoning.  

What am I missing, if anything?  Any feedback or suggestions, even criticism, is welcome.  We are trying to create a geographically diverse, secure, and reliable DNS infrastructure for us and our customers.  We are migrating from a dual server setup (West running Bind 9, East running Men&Mice).

Thanks!
-Josh