Subject: change named.conf to turn off recursion by default?
To: None <tech-net@netbsd.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 03/05/2006 19:11:10

Given the increasing problem of DOS reflector attacks via the DNS -- see

	http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
	http://cc.uoregon.edu/cnews/winter2006/recursive.htm

should we ship a named.conf that disables recursion?  OpenBSD has
shipped that way since at least 2004.  

The problem is that doing it properly requires the site to fill in
trusted hosts or nets, which means that it won't run properly out of
the box for some configurations.

 --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
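
The two configurations the message weighs, as an added example that is not part of the original post or of any shipped NetBSD file: a BIND 9 named.conf fragment with recursion either disabled outright or limited to a site-defined ACL. The ACL name "trusted" and the 192.0.2.0/24 network are constructed placeholders.

```conf
// Constructed named.conf fragment (BIND 9 syntax). The ACL name and the
// 192.0.2.0/24 network are placeholders, not values from the post.

// Hosts and networks allowed to use this server as a recursive resolver.
// This is the part each site has to fill in for itself.
acl "trusted" {
    localhost;        // built-in ACL: the server's own addresses
    localnets;        // built-in ACL: networks the server is attached to
    192.0.2.0/24;     // placeholder: an internal client network
};

options {
    // Option A, authoritative-only default: answer only from zones this
    // server holds and never recurse on behalf of any client.
    // recursion no;

    // Option B, restricted resolver: recurse, but only for clients that
    // match the "trusted" ACL, so outside hosts cannot make this server
    // perform recursive lookups for them.
    recursion yes;
    allow-recursion { trusted; };
};
```

Option A works unmodified but gives local clients no resolver; Option B only works once the ACL matches the site's real networks.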