Which of the following can be done to secure a BIND server? (Select THREE correct answers)
A. Run the BIND daemon as a nonroot user.
B. Configure ACLs.
C. Require clients to authenticate with a password before querying the server.
D. Run the BIND daemon in a chroot jail
E. Encrypt DNS traffic using SSL/TLS.