Configuring BIND is no cakewalk, it is a challenging task and it is thus no surprise to me that many BIND servers are misconfigured and open to exploitation. IMO the first step to decreasing the number of exploitable DNS servers is to make the configuration of BIND more straightforward and easy to comprehend.