If your server is allowing recursive queries, then *I* can ask *your* server to resolve *anything I want* for me.
So, "dig @yourserver ns foo.bar.com" will cause YOUR server to do all the work for MY query which has nothing at all to do with the domains your server is authoritative for.
If you were unwise enough to be running your nameserver on Windows, then I'd also be able to poison your DNS cache and generally screw you over.
Unless you are using your nameserver as a local resolver then you should DISABLE recursive queries.
IF you are using your nameserver as a local resolver, then you should LIMIT recursive queries to your own clients' IP's only.
