Best practices in the industry dictate that recursive name services - a form of name resolution that requires a name server to relay requests to other name servers - should only be enabled on a DNS server for a restricted list of known, trusted requesters. Providing recursion to arbitrary IP addresses on the internet exposes a name server to both cache poisoning and denial of service attacks.
Cache poisoning or "pharming" allows a hacker to redirect traffic away from a real website to a fake one set up by the hacker. From there the hacker then steals a user's account information.
Cricket Liu, vice president of architecture at Infoblox, who had the study done by internet testing company The Measurement Factory, called the results frightening.