PowerDNS Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service via a large AXFR or IXFR response.