I noticed at the Cloud DNS access control, that the lowest resource level for most of the DNS permissions is the project level. Also, as per "IAM Conditions", the Cloud DNS service is not in the list of resources which support IAM conditions so I think that if you set the condition in the policy, it will always evaluate to false.
Sometimes, when a specific service doesn't support conditional policy binding, it's feasible to specify the condition at a project level with a ResourceManager IAM policy and constrain it based on resource type and resource service, as per "Resource attributes". However, I believe this will not work for you since you want a condition based on a resource name (such as DNS zone name), not just on a condition that the resource is a DNS zone (its type).
Additionally I found the following link, shows how to configure IAM permissions for networking scenarios, specifically I found the Network Admin role that will grant you permissions to create, modify, and delete “networking resources”, except for firewall rules and SSL certificates according to the documentation, this does not include grant a specific user permissions on a created zone but it's the closest I found.
Despite what was said, I've filed a Feature Request on your behalf for the product team to check if it is possible to evaluate the possibility to implement the functionality that fits your use case, you can follow up on this PIT, where you will be able to receive further updates from the team as well.
Keep in mind that there is no ETA, nor guarantee that this will be implemented. However, please feel free to ask for updates directly on the PIT.
