In case you haven’t seen the news yet, there’s a serious new vulnerability in BIND 9. A carefully tailored dynamic update can crash your BIND 9 name server. Administrators of BIND 9 name servers – even those that don’t allow dynamic updates – are advised to upgrade immediately, as exploits are already public. You can find more information on ISC’s web site. ISC has released BIND 9.6.1-P1, 9.5.1-P3 and 9.4.3-P3 to address the vulnerability.
If you’re concerned that your name server might have been the target of such an attack, examine your syslog output for lines like this:
db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed exiting (due to assertion failure).
These indicate that your name server crashed, likely because of this vulnerability.