[please reply to list]
Yes: recursors don't have NS records pointing at them.  The clients
learn the IP addresses of the recursors through DHCP, or manual
configuration.
Yes.  This avoids abuse of your recursors.  (Or you can keep your
recursors on a private network, or behind a firewall which doesn't allow
inbound connections).
If by 'real' you mean pdns-authoritative, yes.

Alternatively, don't put it on the Internet, but make your domain's
public authoritative nameservers slave or replicate from it.

Even if you do put it on the Internet, you still need at least one other
nameserver to replicate from it, on a different network and ideally a
different continent (RFC 2182).
No.

Your recursor will automatically follow the delegations from nameservers
on the Internet.  If the recursor wants to resolve www.example.com:

- first it queries the root nameservers, which will return a delegation
(NS records) pointing to .com nameservers
- it asks one of them, which will return a delegation to example.com
nameservers
- it asks one of them, which gives the final answer
- all the answers, intermediate and final, are cached

This works the same for your own domains as for anybody else's domains. 
To see a demo of this in action, try:

$ dig +trace www.google.com  # or domain of your choice

You don't need to configure the recursor to do this - unless the domain
is private (unregistered, or not delegated).

As an example: if you want to do reverse DNS for private IP addresses,
you will need to forward the domains like 168.192.in-addr.arpa or
10.in-addr.arpa to your authoritative servers, because you can't get
real delegation in the public DNS for this.

As another example: if you have the domain foo.com, and you want to
create a domain int.foo.com which is *only* resolvable on your network
and not in the public Internet, then you can create int.foo.com but
*not* add NS records for it.  Then the recursor must be configured to
forward int.foo.com to the auth server.

Regards,

Brian.