By hiding out DNS server version number you can improve server security. fpdns is a program that remotely determines DNS server versions. It does this by sending a series of borderline DNS queries which are compared against a table of responses and server versions. (just like nmap command’s remote OS detection facility).
A nameserver basically responds to a query. Interoperability is an obvious requirement here. The standard protocol behavior of different DNS implementations is expected to be the same.
Install fpdns
Debian / Ubuntu user, enter the following command:
$ sudo apt-get install fpdns
FreeBSD user, either use ports or binary package:
$ pkg_add -v -r fpdns
Alternatively grab source code from official web site.
Howto remotely determine DNS server version
To determine DNS server version for domain nixcraft.com, enter:
$ fpdns -D nixcraft.com
Output:
fingerprint (nixcraft.com, 64.202.165.116): bboy MyDNS fingerprint (nixcraft.com, 208.109.80.52): bboy MyDNS
You can easily find out if recursion enabled or not:
$ fpdns ns1.vnsl.com.
Output:
fingerprint (ns1.vnsl.com., 69.60.111.228): ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled]
To read list of servers from key board, enter:
$ fpdns -
Output:
ns2.vnsl.com fingerprint (ns2.vnsl.com, 64.85.160.11): ISC BIND 9.2.3rc1 -- 9.4.0a0 [recursion enabled] ns1.softlayer.com fingerprint (ns1.softlayer.com, 66.228.118.8): ISC BIND 9.2.3rc1 -- 9.4.0a0 ns.yahoo.com fingerprint (ns.yahoo.com, 66.218.71.63): ISC BIND 8.3.0-RC1 -- 8.4.4 ns1.google.com fingerprint (ns1.google.com, 216.239.32.10): ISC BIND 8.3.0-RC1 -- 8.4.4
Further readings
=> Read fpdns man page.
- Email this to a friend
- Printable version
- Rss Feed
- Last Updated: Sep/29/2007
{ 0 comments… add one now }