2011-05-27 - News - Chris Thompson
ISC have issued a high severity advisory
http://www.isc.org/software/bind/advisories/cve-2011-1910
and several fixed BIND versions are now available (9.4-ESV-R4-P1, 9.6-ESV-R4-P1, 9.7.3-P1, 9.8.0-P2).
This bug can only be exercised if DNSSEC validation is turned on, but that is increasingly becoming the default setup these days.