See:
http://www.dnsinspect.com/dynect.net/1477478626and
http://www.dnsinspect.com/dynect.com/1477479296where we can conclude that there was excessive nameserver version info proliferation....
Power DNS authorative server was indeed updated to the last version,
but vertex-bind 2.0.2 is exploitable for the first nameserver mentioned.
Did they in charge of security at Dyn's check using The BIND 9 Security Vulnerability Matrix for shade-vertex? I doubt it.
Then there also are certificate installation SAN errors. Do a crypto report scan and it is all obvious.
Remember the Hacktivist dDos could attcak DNS at a central point,
and when the responsible security admin has been sleeping,
while he was instructed back then at schooling
about how to avoid excessive nameserver version info proliferation,
and protecting against exploits like shade-vertex,
we may get giant security breaches like we experienced here lately,
also when a broad iOT bot network of kettles, coffeemakers and fridges
had become available to the attackers, we all walk on frail ice, folks.
polonus