Firmware bug cripples Cisco switches

Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by BleepingComputer.

Starting at approximately 2 AM, what appears to be a firmware bug in the switches' internal DNS client service began treating DNS lookup failures as fatal errors, causing affected devices to reboot repeatedly.

Switches impacted by the bug are logging fatal errors similar to the following before rebooting:

DNS_CLIENT - SRCADDRFAIL - Result is 2. Failed to identify address for specified name 'www.cisco.com.', requested addr type 2.
***** FATAL ERROR *****
Reporting Task: DNSC.
[debug data]
***** END OF FATAL ERROR *****

Based on reports from administrators who contacted BleepingComputer, Reddit discussions, and Cisco Community forum posts, the fatal errors originate from the DNSC (DNS Client) task and occur when the switches attempt to resolve "www.cisco.com" and NTP time servers.

Administrators report that the reboot cycle repeats every few minutes, severely disrupting network operations.

"The cycle repeats every few minutes. This is obviously pretty disruptive and I'm not going to be able to sustain operations like this for very long," a Cisco customer wrote on Reddit.
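For teams that forward switch logs to a central collector, the Python example below (added here; it is not code from BleepingComputer or Cisco) scans log lines for the DNS_CLIENT SRCADDRFAIL signature quoted above and flags switches that log it repeatedly within a short window, which is the reboot-loop pattern administrators describe. The "<ISO timestamp> <host> <message>" line layout, the hostnames, the NTP name and the threshold values are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Signature taken from the log excerpt in the article; separators matched loosely.
SIG = re.compile(r"DNS_CLIENT.{1,6}SRCADDRFAIL.*?specified name '([^']+)'")
# Assumed collector layout (not from the article): "<ISO timestamp> <host> <message>"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")

def find_reboot_loops(lines, window=timedelta(minutes=15), threshold=3):
    """Return {host: {"count": n, "names": {...}}} for hosts that logged the
    DNSC lookup failure at least `threshold` times inside one `window`."""
    events = defaultdict(list)
    for raw in lines:
        m = LINE.match(raw.strip())
        sig = SIG.search(m.group(3)) if m else None
        if not sig:
            continue
        try:
            when = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue  # skip lines whose timestamp cannot be parsed
        events[m.group(2)].append((when, sig.group(1).rstrip(".")))
    flagged = {}
    for host, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = {"count": best, "names": {n for _, n in evs}}
    return flagged

# Constructed sample lines; hostnames, timestamps and the NTP name are made up.
MSG = ("DNS_CLIENT - SRCADDRFAIL - Result is 2. Failed to identify address "
       "for specified name '{}', requested addr type 2.")
SAMPLE = [
    "2025-01-01T02:01:10 sw-a " + MSG.format("www.cisco.com."),
    "2025-01-01T02:05:40 sw-a " + MSG.format("ntp.example.net."),
    "2025-01-01T02:09:55 sw-a " + MSG.format("www.cisco.com."),
    "2025-01-01T02:03:00 sw-b " + MSG.format("www.cisco.com."),
    "2025-01-01T02:04:00 sw-c LINK - Up - gi1/0/1",
]

if __name__ == "__main__":
    for host, info in find_reboot_loops(SAMPLE).items():
        print(host, info["count"], sorted(info["names"]))
```

A switch that logs the error once (sw-b in the sample) is not flagged; only repeated failures inside the window are treated as a loop.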

Based on reports, the bug appears to impact a wide range of Cisco switch models, including:

  • Cisco CBS250 series
  • Cisco CBS350 series (including the CBS350-24P-4G)
  • Cisco Catalyst C1200 series
  • Cisco SG350
  • Cisco SG350X
  • Cisco SG550X series

Several administrators report that the failures began around the same time across separate networks, suggesting the issue was globally triggered or tied to a time-based condition.

While Cisco has not yet publicly disclosed the root cause, BleepingComputer was told that Cisco support acknowledged the issue to at least one customer, stating it affects CBS, SG, and Catalyst 1200/1300 switches.

For now, administrators have discovered temporary workarounds that stop the reboot loops, including disabling DNS resolution, disabling SNTP or time synchronization, and blocking outbound internet access from switch management interfaces.

Multiple users report that disabling DNS configurations stopped the reboot loops, even when DNS servers were reachable and functioning normally. In Cisco Community forum posts, users also confirmed that removing DNS resolution resolved the reboot loops.

BleepingComputer has contacted Cisco for comment and will update this article as more information becomes available.
