unbound

About this tag
Unbound is a widely used open-source recursive DNS resolver maintained by NLnet Labs. Recent discussions on WindowsForum.com focus on CVE-2025-11411, a critical cache-poisoning vulnerability that allows crafted DNS responses to hijack non-DNSSEC zones. NLnet Labs released an emergency patch (version 1.2.x) to stop DNS delegation poisoning. The vulnerability exploits promiscuous NS resource record sets in the authority section, enabling domain hijacking. Users are advised to update Unbound immediately to mitigate this threat. The tag covers security patches, DNS vulnerabilities, and resolver hardening for Unbound on Windows and other platforms.
  1. Unbound CVE-2025-11411 Patch: Stop DNS Delegation Poisoning

    NLnet Labs has released an emergency patch for Unbound after researchers disclosed CVE-2025-11411, a cache‑poisoning class vulnerability that lets crafted responses carrying promiscuous NS resource record sets (RRSets) in the DNS authority section trick resolvers into updating delegation data —...