ISC reports:
A malformed query response received by a recursive
server in response to a query of RTYPE ANY could
trigger an assertion failure while named is attempting
to add the RRs in the query response to the cache.
Depending on the type of query and the EDNS options
in the query they receive, DNSSEC-enabled authoritative
servers are expected to include RRSIG and other RRsets
in their responses to recursive servers.
DNSSEC-validating servers will also make specific queries
for DS and other RRsets.
Whether DNSSEC-validating or not, an error in processing
malformed query responses that contain DNSSEC-related
RRsets that are inconsistent with other RRsets in the
same query response can trigger an assertion failure.
Although the combination of properties which triggers
the assertion should not occur in normal traffic, it
is potentially possible for the assertion to be triggered
deliberately by an attacker sending a specially-constructed
answer.
An unusually-formed answer containing a DS resource
record could trigger an assertion failure. While the
combination of properties which triggers the assertion
should not occur in normal traffic, it is potentially
possible for the assertion to be triggered deliberately
by an attacker sending a specially-constructed answer
having the required properties.
An error in handling certain queries can cause an
assertion failure when a server is using the
nxdomain-redirect feature to cover a zone for which
it is also providing authoritative service.
A vulnerable server could be intentionally stopped
by an attacker if it was using a configuration that
met the criteria for the vulnerability and if the
attacker could cause it to accept a query that
possessed the required attributes.