Objective 3: Securing a DNS Server
As with any computer sitting on the Internet, you need to secure your DNS server. Here are a few reasons:
Losing your DNS server can mean losing access to your web server and email server because, without DNS, no one can find them, effectively creating a Denial of Service (DoS) scenario.
An attacker who breaks into your DNS server can get information about your internal network, including the IP addresses of other servers, client machines, switches, and so on.
By poisoning the data in your DNS server or manipulating your DNS information, an attacker can cause people attempting to connect to your servers to be rerouted to the attackers' servers. Imagine what would happen if your clients typed their credit card information into a server they thought was yours and wasn't.
Some of the things you can do to secure your DNS servers are:
Have redundant servers. If one goes down, you'll have a backup.
Use one or more dedicated servers for DNS. There should be no users logging in or any other services on the system that can be used to attack it.
Restrict zone transfers so they can take place only between your DNS servers.
Use TSIGs (transaction signatures) to encrypt zone transfers between DNS servers.
Do not allow recursive queries to an Internet-facing nameserver. These servers should serve only name information that they are explicitly told about.
Recursive queries should be allowed only from your internal network.
Run BIND in a chroot jail and/or as a user with ...
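The transfer, TSIG and recursion points above, shown as an added named.conf fragment for an Internet-facing authoritative BIND server (example configuration, not from the book). The network 192.0.2.0/24, the secondary 198.51.100.2, the zone example.com and the key name xfer-key are placeholders.

```conf
// Added example, not from the book. Placeholder addresses, zone and key name.

// Weak settings the text warns against (shown commented out, do not use):
// options {
//     recursion yes;              // open resolver for the whole Internet
//     allow-transfer { any; };    // anyone can pull a full copy of the zone
// };

acl "internal"    { 192.0.2.0/24; 127.0.0.1; };   // your own network
acl "secondaries" { 198.51.100.2; };              // your other DNS server

// TSIG key shared with the secondary; generate with: tsig-keygen xfer-key
// The secondary needs an identical key{} and a server{} statement for us.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-base64-secret-from-tsig-keygen";
};

// Sign all messages (NOTIFY, transfers) sent to the secondary with this key
server 198.51.100.2 { keys { "xfer-key"; }; };

options {
    directory "/var/named";
    recursion no;                  // authoritative only: answers just its own zones
    allow-transfer { none; };      // global default: no zone transfers at all
    allow-query { any; };          // the authoritative data itself is public
};

zone "example.com" {
    type master;                   // "primary" on BIND 9.16 and later
    file "db.example.com";
    // Transfers only to requests signed with the shared TSIG key
    allow-transfer { key "xfer-key"; };
    also-notify { 198.51.100.2; };
};

// On the separate internal resolver (a different machine, per the text):
// options {
//     recursion yes;
//     allow-recursion { internal; };   // recursion only for your own network
//     allow-query     { internal; };
// };
```

Run named-checkconf against the file before reloading; the query "dig @your-server example.com axfr" from an address outside the secondaries ACL should return a transfer failure.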