Researchers recently found a vulnerability in the way DNS resolvers handle DNSSEC validation that allow attackers to DoS resolvers with a single DNS request
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
It is highly recommended to upgrade your resolvers to the following versions:
- unbound: 1.91.1
- PiHole: FTL 5.25 or Docker 2024.02.0
- Bind9: 9.19.17
- dnsmasq: 2.90
- and probably any other resolver you use
Debian usually backports security fixes to older versions, so you may wanna check to Debian if they have an updated version of the package with the security fix.
This can be done by taking the CVE number related to this vulnerability and look at the package changelog.