You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
edns security
About this tag
The edns security tag covers discussions about vulnerabilities and hardening measures related to the EDNS (Extended DNS) protocol, particularly in Windows DNS environments. A key topic is CVE-2026-41292, a denial-of-service flaw in Unbound versions up to 1.25.0 caused by excessively long EDNS option lists, which can degrade resolver performance. The fix in Unbound 1.25.1 highlights how EDNS parsing can become an attack surface. For Windows administrators relying on Unbound in appliances, VMs, or split-DNS setups, such vulnerabilities can masquerade as network outages. The tag focuses on practical security implications for enterprise DNS infrastructure.
On May 20, 2026, NLnet Labs disclosed CVE-2026-41292, a remotely reachable denial-of-service vulnerability in Unbound versions up to and including 1.25.0, where DNS queries carrying unusually long EDNS option lists can consume resolver thread time and degrade or deny service. The fix arrived in...