BIND is exposed to a new vulnerability which can be exploited remotely in order to derandomize the name server selection algorithm. Exploitation of this vulnerability can be used in conjunction with other off-path DNS cache poisoning exploits in order to make them more efficient. ISC has acknowledged the vulnerability and plans to address this deficiency by re-implementing the SRTT algorithm in future maintenance releases of the BIND 9 code. This whitepaper goes into great detail regarding this issue.
84356c82ef3047b3388b1711d4f92e2ade893d39556c93520d7e0953f3faf27f