Junos DNSSEC validation Denial of Service

A heavy DNSSEC validation load can cause an assertion failure in the BIND component of Junos OS.
An attacker who is able to generate a high volume of queries that require DNSSEC validation can trigger the assertion failure, which causes BIND to crash, resulting in a denial of service.
New builds of Junos OS software are available from Juniper. As a workaround, if DNSSEC is not required, disable the security extension by typing: delete system services dns dnssec
BIND stores a cache of query names that are known to be failing due to misconfigured name servers or a broken chain of trust. Under high query loads, when DNSSEC validation is active, it is possible for a condition to arise in which data from this cache of failing queries could be used before it was fully initialized, triggering an assertion failure.
Junos OS software builds before 2013-02-13.
Check the OS build.
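
One way to automate the build check across collected device output, as an added example that is not part of the original advisory or Juniper's tooling. It assumes the build date appears in the version output as "built by <user> on YYYY-MM-DD" and that the configuration is available in set format; the function names and sample inputs are hypothetical.

```python
import re
from datetime import date

# Cutoff from the advisory: builds before this date are affected.
FIXED_BUILD_DATE = date(2013, 2, 13)

# Assumption: the build date appears as "built by <user> on YYYY-MM-DD ..."
BUILD_RE = re.compile(r"built by \S+ on (\d{4})-(\d{2})-(\d{2})")
# Hierarchy taken from the advisory's workaround command.
DNSSEC_RE = re.compile(r"^\s*set system services dns dnssec\b", re.M)


def build_dates(version_text):
    """Return every build date found in the version output."""
    return [date(*map(int, m.groups())) for m in BUILD_RE.finditer(version_text)]


def assess(version_text, config_text):
    """Classify a device from its version output and set-format configuration."""
    dates = build_dates(version_text)
    if not dates:
        return "unknown"            # no build date found: check by hand
    if min(dates) >= FIXED_BUILD_DATE:
        return "fixed-build"
    if DNSSEC_RE.search(config_text):
        return "exposed"            # old build and DNSSEC still configured
    return "old-build-dnssec-off"   # old build, workaround already in place


# Constructed sample inputs (not captured from a real device).
OLD_VERSION = "KERNEL RELEASE-A #0 built by builder on 2012-03-24 12:12:49 UTC"
NEW_VERSION = "KERNEL RELEASE-B #0 built by builder on 2013-02-13 08:00:00 UTC"
CONFIG_ON = "set system services dns dnssec trusted-keys key PLACEHOLDER\n"
CONFIG_OFF = "set system services ssh\n"

if __name__ == "__main__":
    samples = [(OLD_VERSION, CONFIG_ON), (OLD_VERSION, CONFIG_OFF),
               (NEW_VERSION, CONFIG_ON)]
    for version_text, config_text in samples:
        print(assess(version_text, config_text))
```

A result of "unknown" means no build date matched the assumed pattern, so that device still needs a manual check.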