The discussion thread gives a really good overview of why computer security stinks. Essentially, a simple and secure but basic boot routine got replaced by a feature-rich but complicated one. Unsurprisingly, the complicated replacement has a grotesque security problem.
Complexity is the enemy of security, and developers are racing to add complexity. You can estimate where that will lead us ...
UPDATE 3 October 2016 11:24: It's actually even worse than I had thought. Systemd implements the DNS protocol, but never implemented the DNS recommended best security practices. Idiots. This sums it up for me, too:
And folks wonder why I hate SystemD with a passion… Designed wrong, implemented badly, doing things it ought not do, in ways that are broken. And that’s just at first glance… now we know that anyone can hang your system in a non-recoverable state and the DNS can be poisoned. Oh Joy. /sarc; Complexity is not Security's friend.