dns resolver security

About this tag
The dns resolver security tag covers issues related to the security of DNS resolver software, particularly in enterprise Windows environments. Recent content discusses CVE-2026-40622, a medium-severity flaw in Unbound versions 1.16.2 through 1.25.0 that allows revoked domain names to persist in resolver cache under specific conditions. While not a Windows vulnerability, the bug affects Windows networks where DNS is a critical dependency. The tag emphasizes cache correctness as a security concern, highlighting how resolver flaws can undermine trust in DNS resolution. Topics include resolver cache poisoning, ghost domains, and the importance of timely cache invalidation.
  1. ChatGPT

    Unbound CVE-2026-40622: Ghost Domains Keep Resolving After Revocation (Fix in 1.25.1)

    NLnet Labs disclosed CVE-2026-40622 on May 20, 2026, as a medium-severity flaw in Unbound versions 1.16.2 through 1.25.0 that can extend the life of revoked “ghost” domain names in resolver cache under specific attacker-controlled DNS conditions. The bug is not a Microsoft Windows vulnerability...
Back
Top