The solution is apparently to start used random selected UDP source
ports on the nameserver when answering to DNS requests. Well the new
problem has with this solution already been created : "Vulnerability in
IANA root servers, servers go down after UDP port storm."
The only sensible solution is to create a hierarchical slaves.conf
access list. WHO are allowed recursive access to higher up bind
servers? Besides selection using ip-numbers, one can also be awarded
with a valid DNS SEC hmac-md5 key. Ok I know this is Big Brother style
stuff. But i don't know of any DNS hackers who like to leave their
identity inside nameserver logs.