Nlnet · Unbound · CVE-2022-3204
**Name of the Vulnerable Software and Affected Versions**
Unbound versions prior to 1.16.3
**Description**
The issue is related to a Non-Responsive Delegation Attack (NRDelegation Attack) that affects various DNS resolving software, including Unbound. This attack involves a malicious delegation with a considerable number of non-responsive nameservers, causing the resolver to spend significant time and resources resolving records under the malicious delegation point. Although Unbound does not suffer from high CPU usage, it still requires resources to resolve the malicious delegation, which can lead to degraded performance and potentially a denial of service in orchestrated attacks.
**Recommendations**
For Unbound versions prior to 1.16.3, update to version 1.16.3 or later. That release improves performance under load by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching, and by limiting the number of times a delegation point can issue a cache lookup for missing records.
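
To apply the recommendation across a fleet, the following added example (not code from the advisory or from the Unbound project) compares a resolver's reported version against 1.16.3 component by component. It assumes the banner contains a line of the form `Version X.Y.Z`, as printed by `unbound -V`; the function names and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Unbound builds that predate the fixed release 1.16.3.
FIXED_VERSION="1.16.3"

# Pull "X.Y.Z" out of banner text such as "Version 1.16.2".
# Prints nothing when no version string is present.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Vv]ersion \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeeds when $1 is older than $2. Components are compared as integers,
# so 1.9.6 sorts before 1.16.3 (a plain string compare gets this wrong).
version_lt() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Print a one-line verdict for a version banner.
check_unbound() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no version found"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: Unbound $ver predates $FIXED_VERSION"
    else
        echo "OK: Unbound $ver"
    fi
}

# Constructed sample banners, not captured from real hosts.
for banner in "Version 1.9.6" "Version 1.16.2" "Version 1.16.3" "Version 1.17.0"; do
    check_unbound "$banner"
done

# On a host with Unbound installed, check the real binary as well.
if command -v unbound >/dev/null 2>&1; then
    check_unbound "$(unbound -V 2>&1)"
fi
```

Distribution packages sometimes backport fixes without changing the upstream version number, so treat a VULNERABLE verdict on a vendor package as a prompt to check the vendor's advisory for CVE-2022-3204.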