labs.ripe.net
KeyTrap Algorithmic Complexity Attacks Exploit Fundamental Design Flaw in DNSSEC
With only a single DNS packet, the attack can exhaust the CPU and stall all widely used DNS implementations and public DNS providers, such as Google Public DNS and Cloudflare. In fact, the popular Bind9 DNS implementation can be stalled for as long as 16 hours.