The main domain is example.com, the dynamic zone is cable.example.com. The zonefile for example.com has a pointer for cable:

cable   IN      NS      ns1.example.com.

I can have cable.example.com point directly at an IP since the 'zone top' can have MX, NS and A records just like any other record. The cable.example.com zone is set up to allow dynamic updates from localhost. The relevant part of named.conf:

zone "cable.example.com" {
        type master;
        file "dynamic/cable.example.com-zone";
        allow-update {localhost;};
        allow-query { any; };
};

The directory dynamic and the file cable.example.com-zone are set up to be writable for the named process (which does not run as root for security reasons).

The special statement is the allow-update statement. The only host that can update this zone is localhost.

The contents of the zonefile is quite simple:

;BIND DUMP V8
$ORIGIN example.com.
cable   3600    IN      SOA     ns1.example.com. koos.example.com. (
                20010661 3600 600 7200 3600 )   ;Cl=3
                3600    IN      NS      ns1.example.com.  ;Cl=3
                3600    IN      MX      10 mx.example.com.       ;Cl=3
                1800    IN      A       213.17.82.219   ;Cl=3

Which is indeed the contents after it has been updated by named. The original contents was:

@           IN  SOA ns1.example.com. koos.example.com. (
            20010661    ; serial
            3600        ; refresh
            600         ; retry
            7200        ; expire
            3600        ; minimum
)
            IN  NS  ns1.example.com.
            IN  MX  10  mx.example.com.
            IN  A   127.0.0.1

which might be a bit more readable for those who have configured nameservers before.