ISC has learned of the potential for an error condition to occur in BIND 9 that can cause a nameserver to terminate with an assertion failure when processing queries if it has been configured to use both DNS64 and Response Policy Zones (RPZ).
Please see the full advisory at https://kb.isc.org/article/AA-00855 for details.
A specific query can cause BIND nameservers using DNS64 to exit with a REQUIRE assertion failure. BIND nameservers that are not using DNS64 are not at risk.
If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
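The two DNS64 conditions above depend on configuration, so a quick audit of `named.conf` shows which scopes are exposed. This is an added example, not ISC's code: the function names and the sample configuration are constructed for illustration, and it assumes that statements in `options` act as defaults for every view.

```python
import re

# Quoted strings, the three named.conf comment styles, punctuation, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)
WATCHED = {"dns64", "response-policy"}

def scan_named_conf(text):
    """Map 'options' and each 'view <name>' to the watched statements set there."""
    found, stack, stmt = {}, [], []
    for tok in TOKEN.findall(text):
        if tok.startswith(("/*", "//", "#")):
            continue                              # comment, ignore
        if tok not in ("{", "}", ";"):
            stmt.append(tok.strip('"'))           # word of the current statement
            continue
        # A statement header just ended: record it if it sits directly in a scope.
        if stmt and stmt[0] in WATCHED and len(stack) == 1 and stack[0] in found:
            found[stack[0]].add(stmt[0])
        if tok == "{":
            scope = " ".join(stmt[:2] if stmt[:1] == ["view"] else stmt[:1])
            if not stack and stmt[:1] in (["options"], ["view"]):
                found.setdefault(scope, set())
            stack.append(scope)
        elif tok == "}" and stack:
            stack.pop()
        stmt = []
    return found

def exposure(text):
    """Classify each scope: 'dns64+rpz', 'dns64' (DNS64 alone) or 'none'."""
    found = scan_named_conf(text)
    inherited = found.get("options", set())       # assumption: options are view defaults
    report = {}
    for scope, flags in found.items():
        eff = flags if scope == "options" else flags | inherited
        report[scope] = ("dns64+rpz" if WATCHED <= eff else
                         "dns64" if "dns64" in eff else "none")
    return report

# Constructed configuration fragment, not taken from the advisories.
SAMPLE = '''
options {
    directory "/var/named";   // the dns64 line below is commented out
    # dns64 64:ff9b::/96 { clients { any; }; };
    response-policy { zone "rpz.example"; };
};
view "v6only" { dns64 64:ff9b::/96 { clients { any; }; }; };
view "legacy" { recursion yes; };
'''
if __name__ == "__main__":
    print(exposure(SAMPLE))
```

The scanner does not follow `include` statements, so run it on the output of `named-checkconf -p`, which prints the configuration with included files expanded.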