Michelle Chubirka from Post Modern Security spent ten years as a sysadmin with a primary focus on managing BIND DNS for a very large university in the US.
With some regret, she says:
This history makes what I’m about to recommend even more shocking. Outside of service providers, I no longer believe that organizations should run their own public DNS servers. Most enterprises get along fine using Active Directory for internal authentication and name resolution, using a DNS provider such as Neustar, Amazon or Akamai to resolve external services. They don’t need to take on the risk associated with managing external authoritative DNS servers or even load-balancing most public services.
FWIW, I agree with this. Today, it's simply not practical to run your own DNS system on the public internet. The primary reason is a simple DDoS on the system, but there are many secondary reasons too.