"Stealth" bind server in uncooperative organization

[meburr at gmail.com]

The company I work for has been acquired by a huge Windows shop. I'd
like to set up an authoritative server for what is now a "remote
office" (the acquired company). A sub-domain isn't an option. I've
asked.

I want to be able to add records for hosts on our network, without
having to go through corporate IS (submit a ticket and wait, and wait).
I could set up a server for a sub-domain of my choosing, but I want for
my hosts to be resolvable outside of our office. Of course for these
I'll have to go through IS.

As far as I can tell, if I'm authoritative for foo.com, I cannot do any
kind of forwarding for hosts that my server doesn't know about within
foo.com. Is there any way around this? As a last resort, I was thinking
about a script that would look up hosts that fail using a different
nameserver, and add them to my zone. If that's what I have to do, is
there a hook somewhere that I could use, like a "failed-queries-script"
parameter?

Thanks.