It was discovered that the Designate component in OpenStack would enter
an infinite loop when processing an internal zone file transfer if a
managed DNS zone included a resource record set whose size exceeded the
limitations of the DNS protocol, leading to a denial of service. Only
authenticated users with access to the Designate component can add such
resource record sets.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Created openstack-designate tracking bugs for this issue:
Affects: openstack-rdo [bug 1247952]