How To Hide BIND DNS Server Version

Q. How do I hide my DNS server version number from commands such as:
dig -c CH -t txt version.bind

How do I hide the version under BIND9 on Linux / UNIX systems?

A. This is nothing but security through obscurity. You can hide the version, but anyone can still fingerprint your name server with the fpdns tool to find out the exact version details.

Open your named.conf file and find the options { … }; section:

        query-source    port 53;
        query-source-v6 port 53;
        listen-on { 174.ttt.xx.yy; };
        directory "/var/named"; // the default
        dump-file               "data/cache_dump.db";
        statistics-file         "data/named_stats.txt";
        memstatistics-file      "data/named_mem_stats.txt";
        dnssec-enable yes;
        recursion no;
        allow-notify { 174.zzz.yy.zz; 172.xx.yy.zz; };
        version "BIND";

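To hide your BIND version, set the version statement to your own message:
version "YOUR Message";
For example:
version "use fpdns to get version number ;)";
Save and close the file. Restart named with whichever of the following commands matches the service name on your system:
# service bind9 restart
# service named restart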

How do I see the BIND version?

Use the dig command:
$ dig -c CH -t txt version.bind
As usual, you can use fpdns to find out the version number.
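
An added example (not part of the original article): a small POSIX shell script that runs the same dig query against each of your own name servers after the change and reports whether the reply still looks like a real version number. The function names and the version-number pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit your own name servers for version.bind disclosure.
# Usage: sh check-version-bind.sh ns1.example.com ns2.example.com
# (script name and host names are placeholders)

# classify_banner TEXT -> prints "no-answer", "version-like" or "custom"
classify_banner() {
    banner=$(printf '%s' "$1" | tr -d '"')
    case "$banner" in
        ''|';;'*)
            # Empty reply (query refused or version disabled) or a dig
            # diagnostic line such as ";; connection timed out".
            echo "no-answer"
            return 0
            ;;
    esac
    # Assumption: anything shaped like N.N or N.N.N is treated as a version
    # number. A custom message that contains such digits is flagged too.
    if printf '%s' "$banner" | grep -Eq '[0-9]+\.[0-9]+(\.[0-9]+)?'; then
        echo "version-like"
    else
        echo "custom"
    fi
}

# check_server ADDRESS -> prints "address<TAB>verdict<TAB>raw answer"
check_server() {
    # +short prints only the TXT data; +time and +tries keep an
    # unreachable server from stalling the loop.
    answer=$(dig +short +time=2 +tries=1 -c CH -t txt version.bind "@$1" 2>/dev/null) || answer=""
    printf '%s\t%s\t%s\n' "$1" "$(classify_banner "$answer")" "$answer"
}

# Queries are sent only for the servers named on the command line.
for server in "$@"; do
    check_server "$server"
done
```

A "custom" or "no-answer" verdict only confirms that the banner is hidden; as noted above, fingerprinting with fpdns still works.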

5 comments
  • Jeff Schroeder Jul 3, 2008 @ 2:07

    Yeah did this awhile ago at work :-)

    $ host -c CH -t txt version.bind
    Using domain server:

    version.bind descriptive text “Jeff’s Super mega xbox edition”

    $ host -c CH -t txt version.bind
    Using domain server:

    version.bind descriptive text “Jeff’s Super mega xbox edition”

  • Jeff Aug 30, 2008 @ 19:14

    You know having a 2nd NS isn’t doing much for you since they are on the same network segment. If DNS is so important for your company, you should get it offnet.

  • AG Sep 28, 2012 @ 20:47

    So if you put the statement in place: version "BIND"; .

    It will show ‘BIND’, however one can run the fpdns command to view the exact version. However, if you keep up on security updates and patches would there be a risk of not using this?
    Excellent site!

  • Vinny Dec 31, 2013 @ 19:51

    I cannot hide my version. I tried so many different ways in the /etc/named.conf
    Nothing seems to work at all.
    There is some csf firewall port security in this file.
    I am confused how do I hide the version number.

  • James May 29, 2014 @ 11:48

    Hey Vinny

    under options just put in

    version "my name is vinny";

    save named.conf

    and then restart named

    Easy :)

    If there is no options put:

    version "my name is vinny";
