“Security is an especially compelling reason to keep current in
the case of DNS – and with its BIND 8.2.2 release, the Internet
Software Consortium (ISC) has provided a slew of reasons for
bringing your name service up to date. Many key features in BIND
8.2.2 are about security in the strict sense: support for
transaction signatures (TSIG), “split DNS” via a new zone type
forward (aka “selective forwarding”), and a preliminary DNSSEC
implementation. Others provide secure implementations of
performance and usability enhancements such as incremental zone
transfers and dynamic DNS. Still others bring BIND more closely
into line with the RFCs.”
“Flashy new features aside, the most immediate reason to
move to BIND 8.2.2 is the security problems that have bedeviled
previous versions – such as the remotely exploitable security
holes that dogged BIND 4, making it prey to various inverse-query
exploits and denial-of-service attacks….”