If you're running BIND 8.2.2, and you have the victim.dom name servers in your cache, and victim.dom changes its server names, then any user who can make recursive queries through your cache can break your victim.dom lookups until the old records time out. The complete attack is one brief burst of legitimate packets. This is, of course, not as disastrous as BIND's next buffer overflow, but it's still an interesting example of how an attacker can use BIND's bogus "credibility" mechanism to exacerbate the effects of a seemingly minor bug.
c72ec0dd61841711d365e087961f01b3cc66fb2e349bb4274b3c897e6f364742