Last week a flaw was found that affects all versions of the BIND 9 software. The Internet Systems Consortium (ISC) rated this denial of service (DoS) vulnerability critical because it is difficult to defend against. The flaw, named CVE-2015-5477, relates specifically to TKEY queries and allows hackers to launch DoS attacks. When exploited, this vulnerability can be used to crash both authoritative and recursive DNS servers.
DNS server owners are being told to check their logs for any sign of the “ANY TKEY” command. This command indicates that someone has attempted to crash the server.
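One way to run that log check, as an added example that is not from the ISC advisory or this article: it parses BIND query-log lines and reports which clients sent a query with class ANY and type TKEY. It assumes query logging is enabled and that lines follow BIND's usual `client <ip>#<port> ... query: <name> <class> <type>` layout; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in BIND's query-log layout (documentation addresses only).
SAMPLE_LOG = """\
04-Aug-2015 10:11:12.101 queries: info: client 192.0.2.10#53124 (www.example.com): query: www.example.com IN A + (198.51.100.53)
04-Aug-2015 10:11:13.412 queries: info: client 203.0.113.7#40211 (foo.bar): query: foo.bar ANY TKEY + (198.51.100.53)
04-Aug-2015 10:11:13.980 queries: info: client 203.0.113.7#40212 (foo.bar): query: foo.bar ANY TKEY + (198.51.100.53)
04-Aug-2015 10:11:15.007 queries: info: client 2001:db8::25#61000 (example.com): query: example.com IN ANY +E (198.51.100.53)
04-Aug-2015 10:11:16.300 queries: info: client 2001:db8::99#61001 (x.example): query: x.example ANY TKEY + (198.51.100.53)
"""

# Pull client address, query name, class and type out of one query-log line.
# Some BIND versions print an "@0x..." token after "client"; it is optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>\S+)#(?P<port>\d+).*?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)


def find_any_tkey(lines):
    """Return (line_number, client_ip, qname) for each class-ANY, type-TKEY query."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = QUERY_RE.search(line)
        # Compare the parsed class and type fields so that an ordinary
        # "IN ANY" lookup is not reported.
        if m and m["qclass"].upper() == "ANY" and m["qtype"].upper() == "TKEY":
            hits.append((lineno, m["ip"], m["qname"]))
    return hits


def summarize(hits):
    """Count matching queries per client address."""
    return Counter(ip for _, ip, _ in hits)


if __name__ == "__main__":
    hits = find_any_tkey(SAMPLE_LOG.splitlines())
    for lineno, ip, qname in hits:
        print(f"line {lineno}: ANY TKEY query for {qname} from {ip}")
    for ip, count in summarize(hits).most_common():
        print(f"{ip}: {count} matching queries")
```

To scan a real log, pass the open file object to `find_any_tkey` in place of the sample lines.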
The ISC said there is no workaround to protect against the BIND vulnerability. The only solution is a patch, which the ISC has issued.
You can get the patch and read the advisory here.