When configuring DNS for a network, there are several steps an administrator can take to increase the security of the DNS servers.
A DNS zone is the database containing the DNS records for a network. Every DNS zone needs a primary DNS server and at least one secondary DNS server. Each of these DNS servers must hold the most recent version of the zone; the process that keeps them synchronized is known as a zone transfer.
It is good security practice to restrict zone transfers to the IP addresses of the DNS servers in your own network. For example, on the primary DNS server, list only the IP addresses of the secondary DNS server(s); this prevents zone transfer requests from DNS servers or clients outside your own network from being honoured. On the secondary DNS server(s), list the IP address of the primary DNS server; this prevents them from accepting zone data from DNS servers outside your own network.
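The following is an added example, not part of the original article, showing what the restriction above looks like in BIND 9 named.conf syntax and a small audit routine that flags zones whose transfers are still open. The three configuration fragments (an open primary, a hardened primary and a hardened secondary) and the 192.0.2.x addresses are constructed for this example; the zone name example.test is also made up. The parser is deliberately minimal (top-level options{} and zone{} blocks only) and treats a zone with no allow-transfer setting anywhere as open, which matches BIND's historical default of permitting transfers to any client.

```python
import re

# Constructed sample 1: a primary whose zone can be pulled by anyone (weak).
WEAK_PRIMARY = """
options {
    directory "/var/named";
};
zone "example.test" {
    type primary;
    file "example.test.zone";
    allow-transfer { any; };
};
"""

# Constructed sample 2: default-deny in options{}, then the zone allows
# transfers only to our own secondary (192.0.2.2) and notifies it of changes.
HARDENED_PRIMARY = """
options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers unless a zone says otherwise
};
zone "example.test" {
    type primary;
    file "example.test.zone";
    allow-transfer { 192.0.2.2; };   // only the secondary may pull the zone
    also-notify { 192.0.2.2; };
};
"""

# Constructed sample 3: the secondary names the one primary it will pull from
# and accepts NOTIFY only from it; it never serves transfers itself.
HARDENED_SECONDARY = """
options {
    directory "/var/named";
    allow-transfer { none; };
};
zone "example.test" {
    type secondary;
    file "example.test.zone";
    primaries { 192.0.2.1; };
    allow-notify { 192.0.2.1; };
};
"""

# Matches "options { ... };" and "zone "name" { ... };" blocks closed at column 0.
BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', re.S)


def _strip_comments(conf):
    # Drop // line comments so commented-out directives are not read as live.
    return re.sub(r'//[^\n]*', '', conf)


def _acl(body, key):
    """Return the address list of `key { a; b; };` inside a block, or None if absent."""
    m = re.search(r'\b' + re.escape(key) + r'\s*\{([^}]*)\}', body)
    if not m:
        return None
    return [t.strip() for t in m.group(1).split(';') if t.strip()]


def _blocks(conf):
    """Split a config into the options{} body and a {zone name: body} map."""
    conf = _strip_comments(conf)
    global_body, zones = '', {}
    for m in BLOCK_RE.finditer(conf):
        if m.group(1) == 'options':
            global_body = m.group(3)
        else:
            zones[m.group(2)] = m.group(3)
    return global_body, zones


def effective_transfer_acl(conf, zone):
    """Zone-level allow-transfer wins over the options{} default; None means unset."""
    global_body, zones = _blocks(conf)
    acl = _acl(zones[zone], 'allow-transfer')
    if acl is None:
        acl = _acl(global_body, 'allow-transfer')
    return acl


def audit(conf):
    """Return one finding per zone whose transfers are not pinned to specific hosts."""
    findings = []
    _, zones = _blocks(conf)
    for name, body in zones.items():
        acl = effective_transfer_acl(conf, name)
        # Unset is treated as open (BIND's historical default is to allow any client).
        if acl is None or 'any' in acl:
            findings.append(f'{name}: zone transfers open to any client (allow-transfer={acl})')
        kind = re.search(r'\btype\s+(\w+)\s*;', body)
        if kind and kind.group(1) in ('secondary', 'slave'):
            sources = _acl(body, 'primaries') or _acl(body, 'masters')
            if not sources:
                findings.append(f'{name}: secondary zone names no primary to pull from')
    return findings


if __name__ == '__main__':
    for label, conf in [('weak primary', WEAK_PRIMARY),
                        ('hardened primary', HARDENED_PRIMARY),
                        ('hardened secondary', HARDENED_SECONDARY)]:
        print(label, '->', audit(conf) or 'OK')
```

Run against a real named.conf, the script is a quick pre-deployment check; the authoritative test is still to attempt an AXFR of your own zone from a host that is not one of your secondaries and confirm the server refuses it.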
For more details on this topic, see DNSstuff.com.