Failure to place limits on delegation chaining can allow an attacker to crash BIND or cause memory exhaustion.
By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process).
Additional information: BIND: CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
All recursive resolvers are affected. Authoritative servers can be affected if an attacker can control a delegation traversed by the authoritative server in servicing the zone.
To close the vulnerability, a BIND upgrade is required.
Call to Action
Upgrade BIND to the patched release most closely related to your current version. All the OS vendors have already fixed the packages in their OS repositories:
For CentOS/RedHat systems:
# yum update bind
For Debian/Ubuntu systems:
# apt-get update && apt-get install bind9
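To confirm the upgrade took effect, the following added example (not part of the original advisory) checks the installed package changelog for CVE-2014-8500, since distribution packages often backport a fix without changing the upstream version string. The script name check_bind.sh, the package names and the Debian changelog path are assumptions; the sample changelog entry is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether the installed BIND
# package changelog records the CVE-2014-8500 fix.
CVE="CVE-2014-8500"

# Constructed sample changelog entry, used only to exercise the matcher offline.
SAMPLE_CHANGELOG='* Mon Dec 08 2014 Example Packager <pkg@example.invalid>
- Fix CVE-2014-8500 (limit delegation chaining)'

# Read a changelog on stdin; succeed only if it names the CVE as a whole token.
changelog_has_fix() {
    grep -q -i -w -- "$CVE"
}

# Print the changelog of the installed BIND package.
# Assumed package names and paths: "bind" (rpm), "bind9" (dpkg).
installed_changelog() {
    if command -v rpm >/dev/null 2>&1 && rpm -q bind >/dev/null 2>&1; then
        rpm -q --changelog bind
    elif [ -r /usr/share/doc/bind9/changelog.Debian.gz ]; then
        gzip -dc /usr/share/doc/bind9/changelog.Debian.gz
    else
        return 1
    fi
}

# Exit status: 0 fix recorded, 1 fix missing, 2 no BIND package found.
check_bind_patched() {
    log=$(installed_changelog) || { echo "no BIND package found"; return 2; }
    if printf '%s\n' "$log" | changelog_has_fix; then
        echo "OK: package changelog records $CVE"
        return 0
    fi
    echo "NOT CONFIRMED: package changelog does not mention $CVE"
    return 1
}

# Run the live check only when asked, e.g.: sh check_bind.sh --check
case "${1:-}" in
    --check) check_bind_patched ;;
esac
```

A status of 1 on a host that runs named means the upgrade should be repeated or the package source investigated before the server is considered fixed.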