Researchers recently found a vulnerability in the way DNS resolvers handle DNSSEC validation that allow attackers to DoS resolvers with a single DNS request
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
It is highly recommended to upgrade your resolvers to the following versions:
- unbound: 1.91.1
- PiHole: FTL 5.25 or Docker 2024.02.0
- Bind9: 9.19.17
- dnsmasq: 2.90
- and probably any other resolver you use
I’m on DietPi 9 and the latest version for Debian 12 is 1.17.1, sadly. Though I do see 1.19.1 is in testing as of today, according to Debian’s package tracker site. Probably not worth trying to install an unstable version of it.
I installed it now, it is working fine with my pihole. It wasnt that much of a hussle but a bit of googling.