Noone in the security field has any right to expect any implementation of
DNS to be secure until DNSSEC is widely implemented.
I'm sorry if something I said misled you to believe otherwise.
So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
ask because you specifically stated that it was. Sorry to nag, I'd just
like to see this clarified to the operations community.