Maintained by: NLnet Labs

[Unbound-users] DNS poisoning - any ideas how this can happen?

Martin Bachmann
Mon Feb 9 18:33:52 CET 2015

Hi all,

We've run into a DNS poisoning issue in our company network since Friday.
The issue is being discussed here: - we use Unbound on a
pfSense. A few other users have the same problem:

- All of a sudden, all host names resolve to a malware host.
- It stops automatically after some time.
- There's no ARP poisoning going on, so it really comes from Unbound on the


While "on":

$ host has address mail is handled by 10 mail is handled by 10


$ host has address mail is handled by 10

Other wrongly resolved IPs lead to (which tries to redirect
back to xsso.<>/<someidentifier>)

Any ideas?

- Martin
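
Added example, not part of the original message and not Unbound or pfSense code: a check for the symptom reported above, where unrelated host names suddenly all resolve to one address and later recover. The log format ("epoch name address"), the names, the addresses and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "<epoch seconds> <queried name> <A record returned>".
# Names and addresses are documentation values, not data from the thread.
SAMPLE = """\
1200 www.example.com 192.0.2.10
1210 mail.example.org 198.51.100.7
1225 intranet.example.net 203.0.113.5
1240 www.example.edu 192.0.2.44
1262 www.example.com 203.0.113.99
1270 mail.example.org 203.0.113.99
1281 intranet.example.net 203.0.113.99
1295 www.example.edu 203.0.113.99
1310 shop.example.info 203.0.113.99
1325 www.example.com 192.0.2.10
1340 mail.example.org 198.51.100.7
"""

def parse(text):
    """Yield (timestamp, name, address) from whitespace-separated lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        yield int(parts[0]), parts[1].lower().rstrip("."), parts[2]

def find_collapse_windows(records, window=60, min_names=4, share=0.8):
    """Flag time windows in which most distinct names share one address.

    Names behind the same CDN or shared host can legitimately share an
    address, so feed this a set of names known to be unrelated.
    """
    buckets = defaultdict(lambda: defaultdict(set))  # start -> ip -> names
    for ts, name, ip in records:
        buckets[ts - ts % window][ip].add(name)
    flagged = []
    for start in sorted(buckets):
        by_ip = buckets[start]
        total = len(set().union(*by_ip.values()))
        ip, names = max(by_ip.items(), key=lambda kv: len(kv[1]))
        if len(names) >= min_names and len(names) / total >= share:
            flagged.append((start, ip, len(names)))
    return flagged

if __name__ == "__main__":
    for start, ip, n in find_collapse_windows(parse(SAMPLE)):
        print(f"window starting {start}: {n} distinct names -> {ip}")
```

Because the result is a list of flagged windows, the start and end of each "on" period can be lined up against resolver restarts, cache flushes or upstream changes.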