[原文]The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
Cisco CSS 1100 series contains a flaw that may allow a remote denial of service. The issue is triggered when the Cisco CSS DNS server is prompted for a nonexistant AAAA records, the DNS server will respond with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"). These negative responses may be cached by various proxies or caching nameservers and will result in loss of availability for the domain.
Upgrade to version 5.00.2.01, 6.10, 7.20.0.03, 7.10.2.06 or higher, as it has been reported to fix this vulnerability.