CVE-2021-43105: 
Technitium DNS Server vulnerability analysis and mitigation

A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 allows specific malicious users to inject NS records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) and CVSS v2.0 Base Score of 4.0 MEDIUM (Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N). The vulnerability specifically affects the bailiwick checking mechanism, which is meant to validate and restrict NS record injections (NVD).

The vulnerability enables attackers to perform DNS cache poisoning attacks by injecting unauthorized NS records for any domain, including top-level domains (TLDs). This can lead to the redirection of DNS queries to malicious servers, potentially affecting the integrity of DNS resolution for all users of the affected DNS server (NVD, BleepingComputer).

The vulnerability has been patched in versions after 7.0. Users are advised to upgrade their Technitium DNS Server installations to the latest version to mitigate this security risk (Technitium Changelog).