Q. How do I hide my DNS server version number from commands such as:
dig @ns1.example.com -c CH -t txt version.bind
How do I hide the version under BIND9 on Linux / UNIX systems?
A. This is nothing but security through obscurity. You can hide the version string, but anyone can still fingerprint your name server and find out the exact version using the fpdns tool.
Open your named.conf file and find the options { ... }; section:
options
{
    query-source port 53;
    query-source-v6 port 53;
    listen-on { 174.ttt.xx.yy; };
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
    dnssec-enable yes;
    recursion no;
    allow-notify { 174.zzz.yy.zz; 172.xx.yy.zz; };
    version "BIND";
};
To hide your BIND version, set the version option to a string of your choice:
version "YOUR Message";
OR
version "use fpdns to get version number ;)";
Save and close the file. Restart named, enter:
# service bind9 restart
OR
# service named restart
How do I see the BIND version?
Use the dig command:
$ dig @ns1.softlayer.com -c CH -t txt version.bind
As noted above, fpdns can still find out the version number.
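As an added example that is not part of the original post, the Python below sends the same version.bind CH TXT query that the dig command above sends, parses the reply, and flags it when the returned string still looks like a real version number, so you can verify the option took effect on every name server you run. The function names, the version regex (a heuristic) and the sample reply are this example's own assumptions; the sample reply is constructed, not captured from a real server.

```python
import re, socket, struct

CLASS_CH, TYPE_TXT = 3, 16                        # CHAOS class, TXT type (RFC 1035)
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)?")  # a real version looks like 9.11.4

def build_query(name="version.bind", txid=0x1234):  # what dig -c CH -t txt sends
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)      # flags 0: no RD bit
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(pkt, off):  # offset just past a (possibly compressed) domain name
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def parse_txt_answer(pkt):  # TXT strings of every CH TXT answer, [] if none
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question section
        off = _skip_name(pkt, off) + 4
    texts = []
    for _ in range(an):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        rdata, off = pkt[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            i = 0
            while i < len(rdata):                  # rdata is a run of <len><chars> strings
                texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
    return texts

def leaks_version(texts):  # True when the reply still exposes a real-looking version
    return any(VERSION_RE.search(t) for t in texts)

def check_server(ip, port=53, timeout=2.0):  # live check, needs network access
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, port))
        pkt, _ = s.recvfrom(512)
    texts = parse_txt_answer(pkt)
    return texts, leaks_version(texts)
def sample_response(text, txid=0x1234):
    """Constructed CH TXT reply to version.bind: a test fixture, not a real capture."""
    txt = bytes([len(text)]) + text.encode()
    question = b"\x07version\x04bind\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(txt)) + txt
    return struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0) + question + answer  # QR+AA
```

Run check_server("203.0.113.53") against each of your own servers after the restart; a result of (["BIND"], False) or your custom string means the option is in effect, while (["9.11.4"], True) means that server still leaks.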
Comments (3)
Yeah did this awhile ago at work :-)
$ host -c CH -t txt version.bind ns1.ewtllc.com
Using domain server:
Name: ns1.ewtllc.com
Address: 66.151.59.101#53
Aliases:
version.bind descriptive text “Jeff’s Super mega xbox edition”
$ host -c CH -t txt version.bind ns2.ewtllc.com
Using domain server:
Name: ns2.ewtllc.com
Address: 66.151.59.102#53
Aliases:
version.bind descriptive text “Jeff’s Super mega xbox edition”
You know having a 2nd NS isn’t doing much for you since they are on the same network segment. If DNS is so important for your company, you should get it offnet.
So if you put the statement in place: version "BIND";
It will show 'BIND'; however, one can run the fpdns command to view the exact version. However, if you keep up on security updates and patches, would there be a risk of not using this?
Excellent site!