how to protect name servers against cache corruption

To reiterate: BIND 8.1.1 is not immune to all the variants of the attack
used by the Alternic,

False. The attacks which remain are not variants of the bug exploited by
AlterNIC, which was a program bug rather than a protocol misfeature.

                    and there are very real security problems that remain
(and will continue to remain) until the implementation of DNSSEC
(according to Mr. Vixie).


As this thread is now rapidly losing it's operations context (as well as
it's informative value), I'd suggest we now move towards killing it.

As soon as messages containing misstatements like the one above stop
appearing, I for one will be happy to return to lurk status.