Ok, so how about something that collects and presents DNS statistics in a nice graphical manner? BIND 9.5 comes with a built-in web server that gives you some stats, but it still falls way short of the pretty graphs that you can get with rrdtool-based applications such as Cacti.
How about being able to list the top 10 queriers and graph their usage patterns over time? What about showing what they are querying, and listing the top 10 queries? What about listing the records in your authoritative zones that are never queried, so you know you can delete them?
Also how about triggering an alert if the query rate goes over a certain limit? Or a certain limit from a single host? And showing what they are querying? This would help you detect hacking attempts. Maybe when this happens, get the "thing" to inject a rule into iptables that blackholes that client for a set time?
We’ve had all sorts of ideas, but we don’t expect people to buy an appliance to do all this and stick it in front of their DNS servers. I’m thinking we just need a module that drops onto a Linux box running DNS and sniffs the port 53 traffic, so it doesn’t actually get in the way of the DNS server.
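To make the ideas above concrete, here is an added example (not code from this post or from any existing tool) of the aggregation a passive port-53 sniffer would do once it has the raw UDP payload of each query: it parses the question name straight out of the DNS wire format, keeps the top-N queriers and names, tracks what each client is asking for, raises an alert when one host exceeds a per-window query limit, and reports zone records that were never queried. The packet capture itself is assumed to be done elsewhere (pcap, raw socket); the queries here are constructed sample traffic, and the names `DnsStats`, `parse_qname` and `build_query` are hypothetical.

```python
"""Passive DNS query statistics: top queriers, top names, per-host rate alerts
and never-queried zone records. Sample input is constructed below, not captured."""
import struct
from collections import Counter, defaultdict, deque


def parse_qname(payload: bytes) -> str:
    """Return the first question name from a raw DNS message (RFC 1035 wire format).
    Anything that does not fit a plain query (truncation, oversized labels,
    compression pointers in the question) is treated as malformed: ValueError."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0 or length > 63:
            raise ValueError("bad label length")
        pos += 1
        labels.append(payload[pos:pos + length].decode("ascii", errors="replace"))
        pos += length
    return ".".join(labels).lower()


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query; used only to construct sample traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


class DnsStats:
    """Sliding-window counters over observed queries (hypothetical design)."""

    def __init__(self, window_seconds=60.0, global_limit=1000, per_host_limit=100):
        self.window, self.global_limit, self.per_host_limit = window_seconds, global_limit, per_host_limit
        self.queriers = Counter()                 # client -> total queries
        self.names = Counter()                    # qname -> total queries
        self.per_host_names = defaultdict(Counter)  # client -> qname -> count
        self.recent = deque()                     # timestamps inside the window
        self.recent_by_host = defaultdict(deque)  # client -> timestamps in window
        self.alerting = set()                     # hosts currently over their limit
        self.alerts = []                          # (kind, client, timestamp)

    def _expire(self, now):
        cutoff = now - self.window
        while self.recent and self.recent[0] < cutoff:
            self.recent.popleft()
        for dq in self.recent_by_host.values():
            while dq and dq[0] < cutoff:
                dq.popleft()

    def observe(self, ts, client, payload):
        """Record one query; returns the parsed name. Alerts fire once per crossing."""
        name = parse_qname(payload)
        self.queriers[client] += 1
        self.names[name] += 1
        self.per_host_names[client][name] += 1
        self._expire(ts)
        self.recent.append(ts)
        self.recent_by_host[client].append(ts)
        if len(self.recent_by_host[client]) > self.per_host_limit:
            if client not in self.alerting:
                self.alerting.add(client)
                self.alerts.append(("host", client, ts))
        else:
            self.alerting.discard(client)
        if len(self.recent) > self.global_limit:
            self.alerts.append(("global", None, ts))
        return name

    def top_queriers(self, n=10):
        return self.queriers.most_common(n)

    def top_queries(self, n=10):
        return self.names.most_common(n)

    def queries_for(self, client, n=10):
        return self.per_host_names[client].most_common(n)

    def unqueried(self, zone_records):
        """Records in the authoritative zone that never appeared in a query."""
        return sorted(set(zone_records) - set(self.names))


# Constructed sample stream: (timestamp, client, qname). One client is chatty.
SAMPLE_QUERIES = [(float(t), "192.0.2.10", "www.example.com" if t % 2 == 0 else "api.example.com")
                  for t in range(8)]
SAMPLE_QUERIES += [(t + 0.5, "192.0.2.11", "mail.example.com") for t in range(3)]
SAMPLE_QUERIES += [(3.3, "192.0.2.12", "www.example.com")]
SAMPLE_QUERIES.sort()
SAMPLE_ZONE = ["www.example.com", "api.example.com", "mail.example.com",
               "old.example.com", "ftp.example.com"]


def run_sample():
    stats = DnsStats(window_seconds=60.0, global_limit=50, per_host_limit=5)
    for ts, client, name in SAMPLE_QUERIES:
        stats.observe(ts, client, build_query(name))
    return stats


if __name__ == "__main__":
    s = run_sample()
    print("top queriers:", s.top_queriers(3))
    print("top queries:", s.top_queries(3))
    print("alerts:", s.alerts)
    print("never queried:", s.unqueried(SAMPLE_ZONE))
```

The `Counter`s here grow without bound, which is fine for a demonstration but not for a sniffer left running on a busy resolver; a real module would cap or periodically roll them into an rrdtool-style store. Anything that does not parse as a plain query is rejected rather than guessed at, so a malformed packet cannot poison the statistics.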
Just need to think of a name for it now.
