I recommend to add a note urging people to switch to BIND 9 (possibly mentioning "check-names ignore", which is one of the larger hurdles IIRC).
The main reason is this bug: CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...) - bind 1:8.4.7-1 (low) [sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix) NOTE: BIND 8 is unsuitable for forwarder use because of its NOTE: architecture. Upgrade to BIND 9 as a fix. NOTE: This was fixed in sid by documenting it as an unfixable design limitation -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]