"Lately, there's been a lot of news about BIND. First
of all, a new bug was found in BIND 8. Basically, a problem in the
transaction signature handling code could allow a buffer overflow
which allowed code to be executed as the user running the
nameserver. Then secondly, remote attackers can get information
about the running bind process from environment variables and the
stack. Security problems in BIND are not new news. In fact, one of
my name servers was attacked almost a year ago due to a buffer
overflow problem. ..."
"... (It is interesting to note that a small monetary award is
available to the "first person to publicly report a verifiable
security hole in the latest version of djbdns.")"