You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
dns resolver security
About this tag
The dns resolver security tag covers issues related to the security of DNS resolver software, particularly in enterprise Windows environments. Recent content discusses CVE-2026-40622, a medium-severity flaw in Unbound versions 1.16.2 through 1.25.0 that allows revoked domain names to persist in resolver cache under specific conditions. While not a Windows vulnerability, the bug affects Windows networks where DNS is a critical dependency. The tag emphasizes cache correctness as a security concern, highlighting how resolver flaws can undermine trust in DNS resolution. Topics include resolver cache poisoning, ghost domains, and the importance of timely cache invalidation.
NLnet Labs disclosed CVE-2026-40622 on May 20, 2026, as a medium-severity flaw in Unbound versions 1.16.2 through 1.25.0 that can extend the life of revoked “ghost” domain names in resolver cache under specific attacker-controlled DNS conditions. The bug is not a Microsoft Windows vulnerability...