Cisco Switch Reboot Loop Caused by DNS Bug

Summary
– Multiple Cisco switch models are experiencing continuous reboot loops due to a firmware bug that treats DNS lookup failures as fatal errors.
– The bug is triggered when the switches attempt to resolve “www.cisco.com” and NTP servers, causing a fatal error from the DNS Client (DNSC) task.
– Affected models include the CBS250/350 series, Catalyst C1200 series, and SG350/350X/550X series, with failures starting globally around the same time.
– The reboot cycles repeat every few minutes, severely disrupting network operations, and Cisco support has acknowledged the issue to customers.
– Temporary workarounds include disabling DNS resolution, SNTP/time sync, or blocking outbound internet access from the management interfaces.
A widespread technical issue is causing numerous Cisco switch models to enter a continuous reboot cycle, severely disrupting network operations. The problem appears to be linked to a firmware bug within the device’s internal DNS client service. Starting around 2 AM, this bug began treating routine DNS lookup failures as critical, fatal errors, forcing the affected hardware to restart repeatedly. This creates a loop where the switch boots, attempts a DNS query, encounters the error, and then reboots again, crippling network stability.
The switches log a specific error message before each restart. The log indicates a failure to identify an address for the domain name ‘www.cisco.com’, followed by a FATAL ERROR reported by the DNSC (DNS Client) task. Reports from network administrators on forums like Reddit and the Cisco Community confirm the errors also occur when the devices attempt to resolve addresses for NTP time servers. This cycle of rebooting happens every few minutes, making sustained network operations nearly impossible.
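To find which switches in a fleet are stuck in this loop, the log signature described above can be counted per device on a central syslog collector. The following is an added example, not code from Cisco or from the original article; the line layout, message wording, host names, and the threshold of three events in 30 minutes are assumptions, and only the tokens "DNSC", "FATAL ERROR" and "www.cisco.com" come from the reported log message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Line layout and wording are assumptions about a syslog
# collector; only "DNSC", "FATAL ERROR" and "www.cisco.com" come from the article.
SAMPLE_LOG = """\
2000-01-01T02:01:11 sw-floor1 FATAL ERROR reported by DNSC task
2000-01-01T02:03:00 sw-floor2 FATAL ERROR reported by DNSC task
2000-01-01T02:05:40 sw-floor1 FATAL ERROR reported by DNSC task
2000-01-01T02:06:00 sw-core could not identify address for www.cisco.com
2000-01-01T02:10:02 sw-floor1 FATAL ERROR reported by DNSC task
2000-01-01T02:00:00 sw-lab FATAL ERROR reported by DNSC task
2000-01-01T03:00:00 sw-lab FATAL ERROR reported by DNSC task
2000-01-01T04:00:00 sw-lab FATAL ERROR reported by DNSC task
bad-time sw-x FATAL ERROR reported by DNSC task
"""

def fatal_events(log_text):
    """Yield (host, time) for each line whose message has both DNSC and FATAL ERROR."""
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        stamp, host, msg = parts
        if "FATAL ERROR" not in msg or not re.search(r"\bDNSC\b", msg):
            continue
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparsable timestamp: skip rather than guess
        yield host, when

def reboot_loop_hosts(log_text, min_events=3, window=timedelta(minutes=30)):
    """Return {host: peak count} for hosts with min_events fatals inside one window."""
    per_host = defaultdict(list)
    for host, when in fatal_events(log_text):
        per_host[host].append(when)
    flagged = {}
    for host, stamps in per_host.items():
        stamps.sort()
        start = peak = 0
        for end, when in enumerate(stamps):
            while when - stamps[start] > window:
                start += 1  # slide the window forward past stale events
            peak = max(peak, end - start + 1)
        if peak >= min_events:
            flagged[host] = peak
    return flagged
```

On the constructed sample, `reboot_loop_hosts(SAMPLE_LOG)` flags only `sw-floor1`: a single fatal error, a lookup failure without the fatal error, or fatal errors spread an hour apart do not count as a loop.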
The impacted models include a broad range of Cisco’s small business and Catalyst switches. Administrators have identified the Cisco CBS250 series, CBS350 series, Catalyst C1200 series, SG350, SG350X, and SG550X series as being affected. Notably, failures began occurring simultaneously across geographically separate networks, pointing to a globally triggered event or a time-based condition within the devices’ firmware.
While Cisco has not issued an official public statement on the root cause, support teams have privately acknowledged the issue to some customers, confirming it affects CBS, SG, and Catalyst 1200/1300 series switches. In the absence of an official patch, administrators have identified several effective temporary workarounds to halt the destructive reboot loops.
The most reliable solution involves disabling DNS resolution on the switch entirely. Multiple users confirm that removing or disabling the DNS configuration stops the rebooting, even when the configured DNS servers are fully operational and reachable. Alternative methods include disabling SNTP or time synchronization services and blocking outbound internet access from the switch’s management interfaces. These steps prevent the switch from attempting the problematic DNS queries that trigger the fatal error. Network teams are implementing these measures to restore stability while awaiting a permanent firmware fix from Cisco.
(Source: Bleeping Computer)



