BIND9: What is the "right" way to create a new zone?

There seems to be no other way than copying some skeleton file (don't use FQDNs in this skeleton, and the same file will fit for any new zone).

Newer BINDs have rndc addzone command which permanently adds zone to bind configuration without adding it to named.conf and without reloading/reconfiguring BIND (zone file should already exist before you run rndc addzone).

I use script that copies zone "skeleton" to some new permanent location and then runs the appropriate rndc addzone.

I always scripted mine. Wrote out a skeleton zone file, added the zone to the config, reloaded BIND, done. Script could be triggered manually, automatically by another piece of automation over SSH, via web service, or anything else that can invoke a command.

I'm managing about 50 zones, which is not that much but still a lot to do manually, so I decided to create a tool which allows me to create .ini like files and use variables and can setup the necessary entries for Postfix (a.k.a. SPF, DMARC, DKIM).

Otherwise, I do not know of any good way of managing the files in BIND9. Not only that, the files are RAW data. In other words, you need to know the exact DNS syntax before you can edit those files. I find that rather complicated. Until my tool, I used to just copy/paste an existing zone, edit it, add a reference to the name.conf.local and reload. Either way is tedious. With my tool, I create very simple files and run the ipmgr command¹.

domain=example.com
mail=mail
dynamic=letsencrypt

[mail]
subdomains=mail
key_ttl=30m

[website]
subdomains=${website_subdomains}

The default TTLs, the website_subdomains, etc. are defined in a global file. So all I have to do is copy/paste, change the domain=... parameter, run ipmgr, done (Note that ipmgr is in charge of restarting BIND9 as required).

¹ Note that it's a bit of work to recompile since it has many dependencies. If you are on Ubuntu LTS, you should be able to install it from the PPA.