Researchers recently found a vulnerability in the way DNS resolvers handle DNSSEC validation that allow attackers to DoS resolvers with a single DNS request
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
It is highly recommended to upgrade your resolvers to the following versions:
- unbound: 1.91.1
- PiHole: FTL 5.25 or Docker 2024.02.0
- Bind9: 9.19.17
- dnsmasq: 2.90
- and probably any other resolver you use
What’s the status of SmartDNS (that is used by OpenWRT and DD-WRT) on this? Anyone knows anything?
I struggle to find if it uses DNSSEC or even a change log. If it does, contact the maintainer and disable DNSSEC (if you can) until a fix is released.