As per upstream report:
The lame-ttl option controls how long named caches certain types of broken responses from authoritative servers (see the security advisory for details). This caching mechanism could be abused by an attacker to significantly degrade resolver performance. The vulnerability has been mitigated by changing the default value of lame-ttl to 0 and overriding any explicitly set value with 0, effectively disabling this mechanism altogether. ISC's testing has determined that doing that has a negligible impact on resolver performance while also preventing abuse.
Administrators may observe more traffic towards servers issuing certain types of broken responses than in previous BIND 9 releases.
Public via: https://kb.isc.org/v1/docs/cve-2021-25219
Created bind tracking bugs for this issue:
Affects: fedora-all [bug 2018037]