OK, I have been studying DNS lately, and thought it would maybe be helpful to list some of the things you can do to secure your DNS, as well as some of the security issues with DNS, so that you are all aware.

It should be known that there are 13 "root servers" which coordinate the data (IP->name) and allow users to find the server that IDs with what they want. One of these servers is called the "authoritative root", which has the master copy of that data file, aka the "root zone file". The other 12 have a copy of this file. The servers are located in 4 different countries and run a variety of OSes etc. for redundancy and protection against vulnerability.

On to security issues:
-Admins forget to update their root.hints file, which points the DNS to these 13 servers. The IPs of these 13 can change. Be aware to update every so often.

-Make sure to update BIND or any other DNS software you are using. An estimated 12% of DNS servers (130 million est. DNS servers) are using DNS software with known vulnerabilities. These holes allow for buffer overflow, spoofing, and cache poisoning.

-Finally, TURN OFF RECURSIVE QUERIES! A recursive query is when your DNS doesn't have an answer, so it goes to the next DNS in the tree and forwards you the answer (as opposed to handing the query off to another DNS). The response from the second DNS (the one up the tree) can be spoofed pretty easily.

DNS security isn't that tough, and like most other things, if you keep up with patches and updates you should be set. Hopefully you all learned at least a little something.
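
One way to check the root.hints point from the post: compare the local hints file against a freshly fetched copy and report every root server address that differs. This is an added example, not part of the original post; the function names are hypothetical and both sample files are constructed, using documentation-range addresses rather than real root server IPs.

```python
import ipaddress

# Constructed sample data. Addresses come from documentation ranges
# (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32), not real root server IPs.
LOCAL_HINTS = """\
; local copy, assumed stale
.                     3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A     192.0.2.1
                      3600000      AAAA  2001:DB8::1
.                     3600000  IN  NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.   3600000  IN  A     192.0.2.2
"""
REFERENCE_HINTS = """\
; freshly fetched copy (constructed)
a.root-servers.net.   3600000      A     192.0.2.1
a.root-servers.net.   3600000      AAAA  2001:db8::1   ; same address, other spelling
b.root-servers.net.   3600000      A     198.51.100.2  ; renumbered
b.root-servers.net.   3600000      AAAA  2001:db8::2   ; newly added
"""

def parse_hints(text):
    """Return {(owner, rtype): {normalized address, ...}} for A/AAAA records."""
    records, owner = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop zone-file comments
        fields = line.split()
        if not fields:
            continue
        if not raw[0].isspace():             # a leading blank inherits the previous owner
            owner = fields.pop(0).lower().rstrip(".")
        rtype = next((f.upper() for f in fields if f.upper() in ("A", "AAAA")), None)
        if rtype is None or owner is None:
            continue                          # NS lines and anything else are ignored
        addr = ipaddress.ip_address(fields[-1])   # raises ValueError on a corrupt entry
        records.setdefault((owner, rtype), set()).add(str(addr))
    return records

def diff_hints(local_text, reference_text):
    """List (owner, rtype, local_addrs, reference_addrs) wherever the two files disagree."""
    local, ref = parse_hints(local_text), parse_hints(reference_text)
    return [(o, t, sorted(local.get((o, t), ())), sorted(ref.get((o, t), ())))
            for o, t in sorted(set(local) | set(ref))
            if local.get((o, t)) != ref.get((o, t))]

if __name__ == "__main__":
    for owner, rtype, have, want in diff_hints(LOCAL_HINTS, REFERENCE_HINTS):
        print(f"{owner} {rtype}: local={have or 'missing'} reference={want or 'missing'}")
```

An empty result means the local file matches the reference; the reference copy itself should come from a source you trust and verify before it replaces the local file.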