how to protect name servers against cache corruption

In this case, a few people (some not on this list) would like the
operations community to realize that there are, in fact, some very doable
attacks that remain unaddressed by BIND 8.1.1.

...and which cannot be addressed in any name server without DNSSEC.