Just one bad DNS packet can bring down a public DNSSEC server

A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine.

You can read the full article here.