dnstop is a great tool when maintaining a DNS server. Log file can give out required information but dnstop is just like top command for monitoring dns traffic. It is a small tool to listen on device or to parse the file savefile and collect and print statistics on the local network's DNS traffic. You can see information about all DNS clients, DNS queries and much more with this tool.

dnstop: Monitor DNS Server Network Traffic In Real Time

Dan Kaminsky earlier this month announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. These two articles explain how you can fix a BIND9 nameserver on Debian Etch and Fedora/CentOS so that it is not vulnerable anymore to DNS cache poisoning.

http://www.howtoforge.com/how-to-patch-bind-to-avoid-cache-poisoning-debian-etch

Unbound is a validating, recursive, and caching DNS resolver, released under a BSD license. Version 1.0.0 was released on May 20, 2008. This tutorial explains how to install and use it on Debian Etch, including the creation of zones for your own domains.

http://www.howtoforge.com/installing-using-unbound-nameserver-on-debian-etch

djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.

http://www.howtoforge.com/install-djbdns-nameserver-on-debian-etch