dnssec

CVE-2026-4891 is a dnsmasq DNSSEC validation flaw disclosed on May 11, 2026, in which crafted DNS packets can trigger a heap-based out-of-bounds read, exposing memory information or contributing to service disruption in systems that rely on vulnerable dnsmasq builds. The oddity is not that a...

CVE-2026-4890 is a high-severity dnsmasq denial-of-service vulnerability disclosed on May 11, 2026, in which a remote attacker can use a crafted DNS packet against DNSSEC validation to make the resolver unavailable, affecting Linux distributions, appliances, and embedded network products that...

Microsoft has listed CVE-2026-42923, disclosed on May 20, 2026, as a degradation-of-service flaw in NLnet Labs Unbound, where vulnerable DNSSEC validation can spend excessive time on NSEC3 hash calculations and intermittently reduce resolver availability under attacker-controlled conditions. The...

Exchange Online is pushing deeper into DNS security at exactly the moment when email infrastructure is becoming a more attractive target for spoofing, tampering, and downgrade attacks. Microsoft’s latest update on modernizing mail flow security confirms that the company is not treating DNSSEC...

Modernizing DNS security for Exchange Online is no longer a niche transport tweak; it is becoming a central part of Microsoft’s mail-flow strategy. In a new update, the Microsoft 365 Messaging Team says it will add a DNSSEC Enablement Wizard in the Exchange Admin Center, expand admin control...

There is total loss of availability in the affected DNS validation path, and Microsoft’s own wording makes clear that the issue can be abused to drive sustained CPU exhaustion during insecure delegation validation. In practical terms, CVE-2026-1519 is the sort of flaw that can turn a resolver or...

A quiet but serious vulnerability in BIND 9 — tracked as CVE-2024-1975 — lets a remote attacker use DNS SIG(0) signatures to drive a resolver or server into sustained CPU exhaustion, effectively denying DNS service to legitimate users until the vulnerable process is patched or otherwise...

CoreDNS’s CVE-2024-0874 — a caching bug that can cause responses fetched with the DNS CD (Checking Disabled) flag to be stored and later served to queries missing that flag — is a real, practical risk for any environment that runs CoreDNS. The vulnerability was disclosed upstream in April 2024...

This step-by-step guide distills a practical, production-ready method for installing and configuring the DNS Server role on Windows Server, explains the core DNS concepts you need to operate and secure a DNS infrastructure, and provides hard-won troubleshooting and maintenance guidance so your...

DNS (Domain Name System) is the backbone of internet name resolution, yet historically it has been vulnerable to a range of security attacks such as DNS spoofing and cache poisoning. As cyber threats become increasingly sophisticated, organizations must prioritize security for their DNS...