Reason number eleventy-billion to be using “allow-recursion” ACLs on your internet-facing BIND DNS servers, along with rate-limit. But, yes, please patch.
FYI: A vulnerability was found in the domain name system that can be exploited to massively amplify traffic to a victim's DNS server, knocking it offline
You need to patch at least:
ISC BIND, NLnet labs Unbound, PowerDNS, and CZ NIC Knot Resolver
theregister.co.uk/2020/05/21…
May 22, 2020 · 8:46 AM UTC
1
1