Researchers recently found a vulnerability in the way DNS resolvers handle DNSSEC validation that allow attackers to DoS resolvers with a single DNS request
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
It is highly recommended to upgrade your resolvers to the following versions:
- unbound: 1.91.1
- PiHole: FTL 5.25 or Docker 2024.02.0
- Bind9: 9.19.17
If you use a third-party’s DNS server (such as Cloudflare, Quad9 or Google) as your upstream DNS server, you only have to update PiHole.
If you have set up your own upstream DNS server using a DNS resolver like unbound or Bind9, update it as well as your PiHole.
Makes sense, thanks for the response.