Recent versions of ISC BIND can rate-limit their responses themselves; Cisco ASA software can police packet flow rates but it's not their primary function.  If the only thing you want is rate-limiting, I wouldn't bother with the ASA.   If you need actual firewall, NAT, or IPS functionality, the ASA becomes useful.

To size an ASA, you'd need to know what kind of traffic rates you need to support, and what kind of inspections you plan to do.  Cisco has some published packet and throughput data at e.g.  

   http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html

In my own experience, simple firewall configurations and test traffic will at least meet and often exceed Cisco's guidance.

Personally, I'm using ASA 5525-x devices to support ~350 users on gigabit fiber uplinks averaging about 6kps, mixed sizes with good results.  With the older 5520's I was dropping packets during peak traffic surges to full line rates.

-- Jim Leinweber, WI State Lab of Hygiene

thank you for reply james

actually i have in my company kerio firewall, the problem born when we exposed our dns server to internet, it works as a public dns server, but whe we open 53 port our bandwith will be saturated,

i thought that we need something that manage dns requests, so as to prevent the same ip can make requests in a short time.

bind, if I'm not mistaken, is a linux based dns server, but we had already a dns server exposed...windows..

asa choise couldn't help me???