This vulnerability is in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3. When recursion is enabled, it allows remote attackers to cause a denial of service via a sequence of queries when they are processed by the query_addsoa function.
ISC BIND 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.
Denial of Service.
Upgrade to BIND 9.4.1 or BIND 9.5.0a4.