obamia
1
Using the dnsmasq-full package for having DNSSEC validation is currently exposing you to two new vulnerabilities.
sources:
https://pi-hole.net/blog/2024/02/13/fixing-two-new-dnssec-vulnerabilities/
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
The dnsmasq version 2.90 currently addresses these issues, it is not yet updated on the openwrt's packages lists.
2 Likes
Thanks!
It must have just happened because I checked Pi-hole's interface recently but sure enough it is screaming "update" now.
Oh, I see now that it is not going to address this until they release pi-hole v6.
Which makes me sad because I use Cloudflare and DNSSEC
PjV
3
I think you misunderstood the comments: FTL 5.25 includes the dnssec fix.
1 Like