Discovered by Florian Maury, at the French Network and Information Security Agency (ANSSI), it is called “infinite recursion“.
It only affects DNS resolvers (and in certain circumstances, BIND software, even when it is on an authoritative server). It is present in several software systems, at least BIND (CVE-2014-8500), PowerDNS (CVE-2014-8601) and Unbound (CVE-2014-8602).
It does not seem to be present in the Microsoft Windows DNS resolver.
The vulnerability enables easy denial of service attack, which stops the operation of the resolver without committing extensive resources. It is therefore necessary for all DNS resolver managers to quickly update their software.
For Unbound, upgrade to 1.5.1 “Fix CVE-2014-8602: denial of service by making resolver chase endless series of delegations”.
For PowerDNS, upgrade to 3.6.2, which was released several weeks ago.