Security


To ensure that your nameserver is secure:
Run BIND as a non-root user
Create a user and a group (eg 'bind')
Make a directory called /var/run/named that is owned by the user and group that you created
Make sure BIND can write to any other directories that it needs to (eg in Debian /var/cache/bind)
Add pid-file "/var/run/named/named.pid"; to named.conf
Edit your init script (in Debian /etc/init.d/bind) to so that bind is started with with the command line options '-u bind -g bind' 
Run BIND in a chroot jail
Keep up to date with security updates