Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service.
Devices entered reboot loops every few minutes, disrupting operations until DNS configurations were removed.
The issue surfaced around 2 AM UTC, affecting models like CBS250, C1200, CBS350, SG350, and SG550X series switches. Logs showed DNS_CLIENT-F-SRCADDRFAIL errors failing to resolve domains such as “www.cisco.com” and NIST time servers like “time-c.timefreq.bldrdoc.gov.”
Fatal errors from the DNSC task led to core dumps and automatic resets, with stack traces pointing to DNS resolution failures in firmware versions including 4.1.7.17, 4.1.3.36, and 4.1.7.24.
Users on Cisco’s community forums reported managing dozens of affected devices and performing manual reconfiguration to stabilize them. One administrator noted, “Every single one crashed today… until I removed the DNS configuration,” across 50 CBS250 and C1200 units. Similar reports hit Reddit, where SG550X owners confirmed identical symptoms starting simultaneously across sites.
Affected Software Versions
| Model/Series | Reported Versions | Date Codes |
|---|---|---|
| CBS250/C1200 | 4.1.7.17, 4.1.3.36 | May 2025, May 2024 |
| CBS350 | 4.1.7.24, 3.5.3.2 | Aug 2025, Unknown |
| SG550X | Various recent | N/A |
The crashes linked to DNS lookups for default SNTP servers like time-pnp.cisco.com or www.cisco.com, even on switches without explicit NTP config.
Forum users suspected that a resolver-side change on Cloudflare’s 1.1.1.1 DNS exacerbated the bug, since secondary servers like 8.8.8.8 might have mitigated it. Cisco’s DNS client treats lookup failures as fatal, which is not resilient.
Effective workarounds include:
- Disabling DNS:
no ip name-server,no ip domain-lookup. - Removing default SNTP:
no sntp server time-pnp.cisco.com. - Blocking outbound switch internet access.
Switches stabilized post-changes, though disabling DNS limits hostname resolution in configs.
Cisco support acknowledged the problem to customers, confirming impacts on CBS, SG, and Catalyst 1200/1300 lines, but no public advisory or patch exists as of January 9. No field notice appears in searches. This exposes small business networks to DoS-like disruptions from routine DNS issues, urging firmware vigilance.
Admins should monitor for updates and apply workarounds promptly. The synchronized onset suggests a global trigger, possibly external DNS flux, highlighting firmware brittleness in embedded systems.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
