Internet Systems Consortium (ISC) has shipped a patch to cover a
“severe” cache poisoning vulnerability for BIND 9 users who have DNSSEC
validation turned on. The vulnerability exists in the way BIND 9 handles recursive client queries
that may cause additional records to be added to its cache.