Fix Open Nameservers to Speed up Sites and Prevent DOS
Open nameservers allow anyone in the world to perform queries on them, which can often lead to DOS attacks and slower performance. Most system administrators prefer to have their nameservers restricted and used only by trusted parties. To check your nameservers, use Intodns, a free tool!
To do this kind of setup, you will need to configure your named configuration:
On command line:
nano /etc/named.conf
Look for this line at the top:
include "/etc/rndc.key";
Now add this right below it:
acl "trusted" {
    XXX.xxx.xxx.xxx; YYY.yyy.yyy.yyy; 127.0.0.1;
};
The IPs should be those of your nameservers (each entry ends with a semicolon); you can add other trusted IPs as well.
Now in the options section right below that, add these lines:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
So your options section will look like this:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};
When done, hit ctrl-x and save.
Restart named:
/etc/init.d/named restart
Now you can use a service like DNSreport to make sure the changes took.
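Before restarting, it helps to audit named.conf itself rather than rely only on an external lookup. The script below is an added example, not part of the original post: it strips comments, collects the acl blocks, and reports whether allow-recursion, allow-notify and allow-transfer in the options block are missing, open to "any", or restricted. It assumes the directives live directly in options (not in a view) and runs against a constructed sample config.

```python
import re

# Constructed sample named.conf fragment (not from the post): recursion was left open.
SAMPLE_CONF = """
acl "trusted" { 192.0.2.10; 192.0.2.11; 127.0.0.1; };
options {
    directory "/var/named";
    // recursion left open to everyone
    allow-recursion { any; };
    allow-transfer { trusted; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake directives."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def parse_acls(text):
    """Return {acl_name: [members]} for every acl statement."""
    acls = {}
    for name, body in re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}', text):
        acls[name] = [m.strip() for m in body.split(";") if m.strip()]
    return acls

def block_body(text, header):
    """Return the text between the braces that follow `header` (brace-matched), or None."""
    m = re.search(header + r"\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return None

def directive_members(body, directive):
    """Address-match list of `directive` inside `body`, or None if absent."""
    m = re.search(directive + r"\s*\{([^}]*)\}\s*;", body)
    return None if not m else [x.strip() for x in m.group(1).split(";") if x.strip()]

def expand(members, acls):
    """Flatten acl names into concrete entries; keywords like 'any' stay as-is."""
    out = set()
    for m in members:
        out |= expand(acls[m], acls) if m in acls else {m}
    return out

def audit(conf):
    """Classify each access directive as missing, open to any, or restricted."""
    text = strip_comments(conf)
    acls, opts, findings = parse_acls(text), block_body(text, "options") or "", {}
    for d in ("allow-recursion", "allow-notify", "allow-transfer"):
        members = directive_members(opts, d)
        if members is None:
            findings[d] = "missing (server default applies)"
        elif "any" in expand(members, acls):
            findings[d] = "open to any"
        else:
            findings[d] = "restricted to " + ", ".join(sorted(expand(members, acls)))
    return findings
```

Running audit(SAMPLE_CONF) flags allow-recursion as open and allow-notify as missing, while allow-transfer resolves through the acl to the three trusted addresses.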
Update: Intodns is FREE and a great tool for troubleshooting DNS