Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound DNS vulnerability

    Scheduled Pinned Locked Moved DHCP and DNS
    2 Posts 2 Posters 503 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Cool_CoronaC
      Cool_Corona
      last edited by

      Reporting Unbound DNS vulnerability consisting of the following:

      • error parsing local data resulting in a Label Length Overflow
      • happens when Unbound DNS cannot resolve a non standard DNS FQDN
      • when the FQDN exceeds the limit of standard DNS naming
      • Label Length Overflow error resulting in a Bad local-data error
      • resulting in Unbound DNS fatal error: Could not set up local zones
      • Unbound DNS then stops working entirely, even configuration is reverted to factory default

      The issue is further aggravated if Split DNS is implemented using Unbound DNS and DNS Crypt

      • DNS Crypt also stops working together with Unbound DNS after the DDOS attack

      Vulnerabilities:

      • Unbound DNS has observed failure to resolve long non standard FQDN
      • there is a difficulty to directly edit the unbound.conf to block or mitigate the said issue
      • Unbound DNS results to a DNS fatal error: Could not set up local zones that persists even the opnsense configuration is reverted to factory defaults

      Question: Are pfsense affected as well??

      Log file:

      2020-11-30T16:23:27 unbound[71057] [71057:0] fatal error: Could not set up local zones
      2020-11-30T16:23:27 unbound[71057] [71057:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:23:27 unbound[71057] [71057:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:23:24 unbound[4987] daemonize unbound dhcpd watcher.
      2020-11-30T16:14:01 unbound[89281] [89281:0] fatal error: Could not set up local zones
      2020-11-30T16:14:01 unbound[89281] [89281:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:14:01 unbound[89281] [89281:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:13:52 unbound[22224] daemonize unbound dhcpd watcher.
      2020-11-30T16:11:59 unbound[98722] [98722:0] fatal error: Could not set up local zones
      2020-11-30T16:11:59 unbound[98722] [98722:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:11:59 unbound[98722] [98722:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:11:56 unbound[39141] daemonize unbound dhcpd watcher.
      2020-11-30T16:11:56 unbound[87946] [87946:0] fatal error: Could not set up local zones
      2020-11-30T16:11:56 unbound[87946] [87946:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:11:56 unbound[87946] [87946:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:11:47 unbound[9890] daemonize unbound dhcpd watcher.
      2020-11-30T16:06:41 unbound[86078] [86078:0] fatal error: Could not set up local zones
      2020-11-30T16:06:41 unbound[86078] [86078:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:06:41 unbound[86078] [86078:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:06:38 unbound[15883] [15883:0] fatal error: Could not set up local zones
      2020-11-30T16:06:38 unbound[15883] [15883:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:06:38 unbound[15883] [15883:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:06:30 unbound[42837] [42837:0] fatal error: Could not set up local zones
      2020-11-30T16:06:30 unbound[42837] [42837:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:06:30 unbound[42837] [42837:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T16:06:25 unbound[69502] [69502:0] fatal error: Could not set up local zones
      2020-11-30T16:06:25 unbound[69502] [69502:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T16:06:25 unbound[69502] [69502:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:52:55 unbound[41833] [41833:0] fatal error: Could not set up local zones
      2020-11-30T15:52:55 unbound[41833] [41833:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:52:55 unbound[41833] [41833:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:52:52 unbound[55880] [55880:0] fatal error: Could not set up local zones
      2020-11-30T15:52:52 unbound[55880] [55880:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:52:52 unbound[55880] [55880:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:49:46 unbound[55110] [55110:0] fatal error: Could not set up local zones
      2020-11-30T15:49:46 unbound[55110] [55110:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:49:46 unbound[55110] [55110:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:46:07 unbound[27466] [27466:0] fatal error: Could not set up local zones
      2020-11-30T15:46:07 unbound[27466] [27466:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:46:07 unbound[27466] [27466:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:46:04 unbound[9618] [9618:0] fatal error: Could not set up local zones
      2020-11-30T15:46:04 unbound[9618] [9618:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:46:04 unbound[9618] [9618:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:39:47 unbound[56088] [56088:0] fatal error: Could not set up local zones
      2020-11-30T15:39:47 unbound[56088] [56088:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:39:47 unbound[56088] [56088:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:38:00 unbound[49887] [49887:0] fatal error: Could not set up local zones
      2020-11-30T15:38:00 unbound[49887] [49887:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:38:00 unbound[49887] [49887:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:28:30 unbound[13423] [13423:0] fatal error: Could not set up local zones
      2020-11-30T15:28:30 unbound[13423] [13423:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:28:30 unbound[13423] [13423:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T15:27:52 unbound[17429] [17429:0] fatal error: Could not set up local zones
      2020-11-30T15:27:52 unbound[17429] [17429:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T15:27:52 unbound[17429] [17429:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:25:33 unbound[49293] [49293:0] fatal error: Could not set up local zones
      2020-11-30T07:25:33 unbound[49293] [49293:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:25:33 unbound[49293] [49293:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:23:26 unbound[84165] [84165:0] fatal error: Could not set up local zones
      2020-11-30T07:23:26 unbound[84165] [84165:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:23:26 unbound[84165] [84165:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:22:32 unbound[94117] [94117:0] fatal error: Could not set up local zones
      2020-11-30T07:22:32 unbound[94117] [94117:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:22:32 unbound[94117] [94117:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:22:26 unbound[88186] [88186:0] fatal error: Could not set up local zones
      2020-11-30T07:22:26 unbound[88186] [88186:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:22:26 unbound[88186] [88186:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:20:00 unbound[58133] [58133:0] fatal error: Could not set up local zones
      2020-11-30T07:20:00 unbound[58133] [58133:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:20:00 unbound[58133] [58133:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:15:47 unbound[92116] [92116:0] fatal error: Could not set up local zones
      2020-11-30T07:15:47 unbound[92116] [92116:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:15:47 unbound[92116] [92116:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:14:18 unbound[42586] [42586:0] fatal error: Could not set up local zones
      2020-11-30T07:14:18 unbound[42586] [42586:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:14:18 unbound[42586] [42586:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow
      2020-11-30T07:11:45 unbound[42870] [42870:0] fatal error: Could not set up local zones
      2020-11-30T07:11:45 unbound[42870] [42870:0] error: Bad local-data RR ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0
      2020-11-30T07:11:45 unbound[42870] [42870:0] error: error parsing local-data at 97 'ster.co.uk/2014/10/07/adobe_digital_editions_4_caught_snooping_into_ebook_collections_of_users/ A 0.0.0.0': Label length overflow

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Unless it's confirmed by NLnet labs/the Unbound project it's probably not actually a vulnerability.

        I don't see any recent CVEs from them on their releases, last one was with 1.10.1
        which is the version that is in pfSense 2.4.5-p1

        From the sound of what is being described there, however, it's not an unbound issue at all but something in the opnsense GUI that is not being validated. Even that claim seems dubious though (about it resetting to factory defaults).

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.