BIND, the dominant DNS server software on the Internet, is vulnerable to a serious cache-poisoning attack that could enable an attacker to fool users rather easily into visiting a malicious Web site.