Until you patch it, you’re also running BIND with three security holes — any one of which can be used to create DDOSs. These are CVE-2016-9131 (a malformed response to an ANY query can cause an assertion failure during recursion), CVE-2016-9147 (an error handling a query response containing inconsistent DNSSEC information could cause an assertion failure), and CVE-2016-9444 (an unusually formed DS record response could cause an assertion failure).