Flaws in the implementation of the DNS protocol allow it to be exploited and used for malicious activities. Because DNS is such a critical protocol for Internet operations, countless operating systems, and applications, operators and administrators must harden DNS servers to prevent them from being used maliciously. Some of these flaws are presented in this document to inform operators how they can be used maliciously. Techniques are shared that can be used to prevent these types of activities.

more info :

http://www.cisco.com/web/about/security/intelligence/dns-bcp.html