Not mentioned directly in the article, but extremely important, is that recursion should be disabled on any external Internet DNS servers hosting a company name.
That means that the server will only accept the responsibility of resolving its own zones, but will not look up any other zones on behalf of a client. Not only will it spare the DNS cache on the external servers, but it will prevent one type of Denial of Service attack, because your external servers will not contact any other DNS servers on behalf of a client, but will answer only for their own zones.