Month: February 2024

DNSSEC fix generally released.

Please run `pihole -up` to update Pi-hole with the fixes noted in the previous post. Thanks!

A lock

Fixing two new DNSSEC vulnerabilities

  Today, we have been informed about two DNSSEC vulnerabilities in dnsmasq, which Pi-hole FTL is forked from. Both vulnerabilities, via specially crafted DNSSEC answers, can lead DNSSEC validators down a very CPU intensive and time costly validation/NSEC3 hash calculation path. This results in degraded performance and denial of service in trivially orchestrated attacks. In…
Read more