{"id":9754,"date":"2026-01-09T10:03:37","date_gmt":"2026-01-09T10:03:37","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/01\/09\/cisco-small-business-switches-face-global-dns-crash-outage\/"},"modified":"2026-01-09T10:03:37","modified_gmt":"2026-01-09T10:03:37","slug":"cisco-small-business-switches-face-global-dns-crash-outage","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/01\/09\/cisco-small-business-switches-face-global-dns-crash-outage\/","title":{"rendered":"Cisco Small Business Switches Face Global DNS Crash Outage"},"content":{"rendered":"<p>    Cisco Small Business Switches Face Global DNS Crash Outage<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Network administrators worldwide reported widespread crashes in <a href=\"https:\/\/cybersecuritynews.com\/best-network-security-providers-for-ecommerce\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cisco small business switches<\/a> on January 8, 2026, triggered by fatal errors in the DNS client service.<\/p>\n<p>Devices entered reboot loops every few minutes, disrupting operations until DNS configurations were removed.\u200b<\/p>\n<p>The issue surfaced around 2 AM UTC, affecting models like CBS250, C1200, CBS350, SG350, and SG550X series switches. Logs showed DNS_CLIENT-F-SRCADDRFAIL errors failing to resolve domains such as \u201cwww.cisco.com\u201d and NIST time servers like \u201ctime-c.timefreq.bldrdoc.gov.\u201d<\/p>\n<p>Fatal errors from the DNSC task led to core dumps and automatic resets, with stack traces pointing to DNS resolution failures in firmware versions including 4.1.7.17, 4.1.3.36, and 4.1.7.24.\u200b<\/p>\n<p>Users on Cisco\u2019s community forums <a href=\"https:\/\/community.cisco.com\/t5\/switches-small-business\/cisco-cbs250-and-c1200-dns-crash\/td-p\/5359999\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reported<\/a> managing dozens of affected devices and performing manual reconfiguration to stabilize them. One administrator noted, \u201cEvery single one crashed today\u2026 until I removed the DNS configuration,\u201d across 50 CBS250 and C1200 units. Similar reports hit Reddit, where SG550X owners confirmed identical symptoms starting simultaneously across sites.\u200b<\/p>\n<h2 class=\"wp-block-heading\" id=\"affected-software-versions\"><strong>Affected Software Versions<\/strong><\/h2>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Model\/Series<\/th>\n<th>Reported Versions<\/th>\n<th>Date Codes<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>CBS250\/C1200<\/td>\n<td>4.1.7.17, 4.1.3.36<\/td>\n<td>May 2025, May 2024<\/td>\n<\/tr>\n<tr>\n<td>CBS350<\/td>\n<td>4.1.7.24, 3.5.3.2<\/td>\n<td>Aug 2025, Unknown<\/td>\n<\/tr>\n<tr>\n<td>SG550X<\/td>\n<td>Various recent<\/td>\n<td>N\/A\u200b<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>The crashes linked to DNS lookups for default SNTP servers like time-pnp.cisco.com or www.cisco.com, even on switches without explicit NTP config.<\/p>\n<p>Forum users suspected that a resolver-side change on Cloudflare\u2019s <a href=\"https:\/\/cybersecuritynews.com\/1-1-1-1-dns-outage\/\" target=\"_blank\" rel=\"noreferrer noopener\">1.1.1.1 DNS<\/a> exacerbated the bug, since secondary servers like 8.8.8.8 might have mitigated it. Cisco\u2019s DNS client treats lookup failures as fatal, which is not resilient.\u200b<\/p>\n<p>Effective workarounds include:<\/p>\n<ul class=\"wp-block-list\">\n<li>Disabling DNS: <code>no ip name-server<\/code>, <code>no ip domain-lookup<\/code>.<\/li>\n<li>Removing default SNTP: <code>no sntp server time-pnp.cisco.com<\/code>.<\/li>\n<li>Blocking outbound switch internet access.\u200b<\/li>\n<\/ul>\n<p>Switches stabilized post-changes, though disabling DNS limits hostname resolution in configs.<\/p>\n<p>Cisco support acknowledged the problem to customers, confirming impacts on CBS, SG, and Catalyst 1200\/1300 lines, but no public advisory or patch exists as of January 9. No field notice appears in searches. This exposes small business networks to DoS-like disruptions from routine DNS issues, urging firmware vigilance.\u200b<\/p>\n<p>Admins should monitor for updates and apply workarounds promptly. The synchronized onset suggests a global trigger, possibly external DNS flux, highlighting firmware brittleness in embedded systems.\u200b<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/cisco-small-business-switches-dns-outage\/\">Cisco Small Business Switches Face Global DNS Crash Outage<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Guru Baran<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/cisco-small-business-switches-dns-outage\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Small Business Switches Face Global DNS Crash Outage Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service. Devices entered reboot loops every few minutes, disrupting operations until DNS configurations were removed.\u200b The issue surfaced around 2 AM UTC, affecting [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,1440],"tags":[130],"class_list":["post-9754","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-tech-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9754"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9754"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9754\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}