disable recursion by attackers (yes, attackers do use recursion to perform DoS).

etc/named.conf

@@ -1,4 +1,4 @@
-# $NetBSD: named.conf,v 1.3 2005/11/29 21:08:13 christos Exp $
+# $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $
 
 # boot file for secondary name server
 # Note that there should be one primary entry for each SOA record.
@@ -6,6 +6,7 @@
 options {
 	directory "/etc/namedb";
 	query-source address * port 53;
+	allow-recursion { localhost; localnets; };
 };
 
 zone "." {