Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit queries to the server can trick the resolver into following an endless series of delegations, leading to ressource exhaustion and huge network usage.