You might ask which is more secure, Microsoft DNS (which comes with Windows)
or the more common BIND. Most organizations that have Windows-based networks rely
on Microsoft DNS because it’s a core component of Active Directory, but many people claim
that BIND is more secure.
Comparing the security of the two products is difficult. BIND allows for finer configuration
and has full DNS Security Extensions support, but it has a longer history of security flaws than
Microsoft’s DNS implementation. Microsoft DNS is easier to configure, so some argue that
there’s a smaller chance for configuration errors. However, because it’s easy to configure, inexperienced
administrators might use it and introduce errors. Ultimately, you can build a secure
DNS server with either of the two products. Unlike most security vulnerabilities, DNS problems
are more often a result of configuration errors rather than software flaws.