How To Hide BIND DNS Server Version
Q. How do I hide my DNS server version number from a command such as:
dig @ns1.example.com -c CH -t txt version.bind
How do I hide the version under BIND9 on Linux / UNIX systems?
A. This is nothing but security through obscurity. You can hide the version, but anyone can still fingerprint your name server to find out exact version details using the fpdns tool.
Open your named.conf file and find the options { ... }; section:
options
{
    query-source port 53;
    query-source-v6 port 53;
    listen-on { 174.ttt.xx.yy; };
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    dnssec-enable yes;
    recursion no;
    allow-notify { 174.zzz.yy.zz; 172.xx.yy.zz; };
    version "BIND";
};
To hide your BIND version:
version "YOUR Message";
OR
version "use fpdns to get version number ;)";
Save and close the file. To restart named, enter:
# service bind9 restart
OR
# service named restart
How do I see the BIND version?
Use the dig command, enter:
$ dig @ns1.softlayer.com -c CH -t txt version.bind
As usual, you can use fpdns to find out the version number.
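Added example (not part of the original FAQ): a small POSIX shell audit for name servers you operate. It sends the same version.bind query after the restart and reports whether the answer still looks like a version number. The function names classify_banner and audit_server and the sample strings in the comments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original FAQ.
# Usage: sh audit-version-bind.sh ns1.example.com ns2.example.com

# classify_banner: judge one line of "dig +short" output for version.bind.
#   discloses-version  the TXT data contains digits.digits (constructed
#                      sample: "9.x.y" style strings)
#   hidden             a TXT answer came back but holds no version-like text
#   no-answer          empty output or a dig diagnostic (lines starting ";")
classify_banner() {
    banner=$1
    # dig +short prints TXT data wrapped in double quotes; strip them.
    banner=${banner#\"}
    banner=${banner%\"}
    case $banner in
        ''|';'*) echo "no-answer"; return ;;
    esac
    if printf '%s\n' "$banner" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo "discloses-version"
    else
        echo "hidden"
    fi
}

# audit_server: query one server and print "server<TAB>verdict<TAB>answer".
audit_server() {
    ns=$1
    answer=$(dig +short +time=2 +tries=1 @"$ns" -c CH -t txt version.bind 2>/dev/null | head -n 1)
    printf '%s\t%s\t%s\n' "$ns" "$(classify_banner "$answer")" "$answer"
}

# Check every name server given on the command line.
for ns in "$@"; do
    audit_server "$ns"
done
```

A "hidden" verdict only covers the version.bind answer; as noted above, fpdns can still fingerprint the server. A custom message that itself contains something like "2.0" is reported as discloses-version, so read the third column before acting on it.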
Discussion on This FAQ
July 3rd, 2008 at 2:07 am
Yeah did this awhile ago at work
$ host -c CH -t txt version.bind ns1.ewtllc.com
Using domain server:
Name: ns1.ewtllc.com
Address: 66.151.59.101#53
Aliases:
version.bind descriptive text “Jeff’s Super mega xbox edition”
$ host -c CH -t txt version.bind ns2.ewtllc.com
Using domain server:
Name: ns2.ewtllc.com
Address: 66.151.59.102#53
Aliases:
version.bind descriptive text “Jeff’s Super mega xbox edition”
August 30th, 2008 at 7:14 pm
You know having a 2nd NS isn’t doing much for you since they are on the same network segment. If DNS is so important for your company, you should get it offnet.