Authenticating DNS Queries

Is there any way to use a TSIG (or other) key in combination with a DNS query to authenticate into a DNS view for use with recursion? Something like:

key trusted-key {     algorithm HMAC-SHA256;     secret "blonggggg"; };  acl trusted { key trusted-key; };  view trusted {     match-clients { trusted; };     allow-recursion { any; }; }; 

If so, how would the querying client go about specifying the key for authentication? What if it can be guaranteed that the queries are always coming from a downstream DNS server providing local caching DNS for a branch office? Can the downstream DNS server be configured to use a particular key with all of the queries it’s forwarding to the upstream server?