There's a new exploit for BIND 9 that will allow a remote attacker to shut down your DNS servers.
The exploit is in the wild, all versions are affected.
There is a patch / upgrade available.
Text from
www.isc.org:
Redwood City, California -- July 28, 2009 -- ISC has published new releases of all current versions BIND 9 in response to CERT Vulnerability Note VU#725188. See this ISC Security Advisory for details and instructions for downloading these releases.
An exploit of this vulnerability was made public at the same time the vulnerability was announced, which makes it especially important to upgrade.
Receipt of a specially-crafted dynamic update message may cause BIND 9 servers to exit. This vulnerability affects all servers ? it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.