FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unbound -- Non-Responsive Delegation Attack

Affected packages
unbound < 1.16.2


VuXML ID 5a1c2e06-3fb7-11ed-a402-b42e991fc52e
Discovery 2022-09-26
Entry 2022-09-29

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation.



CVE Name CVE-2022-3204