ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning

The remote DNS Server is running Bind 9 earlier than 9.4.3-P5, 9.5.2-P1, or 9.6.1-P3. Such versions are potentially affected by a remote cache-poisoning attack. An error exists in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses to be cached as if they had validated correctly.