I would recommend running BIND on the same machine on which you run your
mail transfer agent (sendmail/postfix/whatever). This is probably your
present gateway/firewall machine. Run the most recent version of BIND
available for your distro - versions prior to 8.2.3/4.9.8 are known to have
security issues and configure it only to honour zone transfers from your
ISP's nameservers.
Good luck!
Michael
"sigismund"