ISC is urging BIND users to upgrade their production DNS servers immediately. ISC
recently announced a patch to fix an exploit in BIND. This exploit is in the wild
and has been used to crash BIND servers resulting in a denial of service. Using a
specially crafted dynamic update packet, a remote attacker can create an assertion
failure resulting in the BIND
named daemon exiting. This exploit is only possible
against servers that are masters for one or more zones, but doesn't require dynamic
updates to be allowed in order to cause the crash.
ISC has made patches available for BIND versions 9.4, 9.5, and 9.6.