I've been running BIND on the internet for a quarter century (ns-he.nono.io, ns-digitalocean.nono.io). Sure, I got burned 20 years ago with, IIRC, a zone-transfer exploit, but in those days BIND ran as root (remember: the internet was new then). Nowadays BIND runs as a non-privileged user in a chroot'ed environment, so even if it's compromised the blast radius is tightly constrained.

And I like BIND. I like editing zone files by hand. It never fails to make me happy.