DNSSEC fix generally released.
Please run `pihole -up` to update Pi-hole with the fixes noted in the previous post. Thanks!
Fixing two new DNSSEC vulnerabilities
Today, we have been informed about two DNSSEC vulnerabilities in dnsmasq, which Pi-hole FTL is forked from. Both vulnerabilities, via specially crafted DNSSEC answers, can lead DNSSEC validators down a very CPU intensive and time costly validation/NSEC3 hash calculation path. This results in degraded performance and denial of service in trivially orchestrated attacks. In…
Read more