Two Denial of Service issues have been found with BIND. An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. CVE-2006-4095, CVE-2006-4096
As always, I've created a binpatch.