BIND Version check

Daniel Norton danorton at suespammers.org
Tue Jun 20 15:27:34 UTC 2000


By revealing the version number, you also reveal the set of
vulnerabilities of the server.  If your server is visible to the
Internet, you should disable this reporting by adding these lines to
your named.conf file (without the =====):

=====
zone "bind" chaos {
	type master;
	file "primary/bind";
	allow-query {
		localhost;
	};
	allow-transfer {
		none;
	};
};
=====

and create a file (/var/named/) primary/bind:

=====
$ORIGIN bind.
@	1D CHAOS SOA    localhost. root.localhost. (
			1               ; serial
			3H              ; refresh
			1H              ; retry
			1W              ; expiry
			1D )            ; minimum
	CHAOS NS	localhost.
=====


--
Daniel Norton
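
To confirm the change took effect, the version lookup can be repeated against the server. The following is an added example, not part of the original post: it builds the `version.bind` TXT query in class CHAOS, parses the raw reply, and reports whether a version string came back. All function names and the two sample replies (including the version string in them) are constructed for illustration.

```python
import socket, struct

def build_query(qname="version.bind", qid=0x1234):
    """Query for <qname>, type TXT (16), class CHAOS (3)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 16, 3)

def _skip_name(msg, off):
    # Step over a possibly compressed domain name; return the next offset.
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_reply(msg):
    """Return (rcode, [TXT strings found in the answer section])."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, texts = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):   # TXT rdata: length-prefixed strings
            texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return flags & 0x000F, texts

def verdict(msg):
    rcode, texts = parse_reply(msg)
    return ("DISCLOSED: " + " ".join(texts)) if rcode == 0 and texts else "not disclosed (rcode=%d)" % rcode

def check(server, timeout=3.0):            # live check; raises socket.timeout if no reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return verdict(s.recvfrom(512)[0])

# Constructed sample replies (not captured traffic): one answering, one REFUSED.
_QUESTION = build_query()[12:]
SAMPLE_OPEN = (struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + _QUESTION
               + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, 9) + b"\x088.2.2-P5")
SAMPLE_REFUSED = struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    print(verdict(SAMPLE_OPEN), verdict(SAMPLE_REFUSED), sep="\n")
```

Call `check()` with your own server's address from a host that is not in the zone's allow-query list, since localhost is still permitted to query.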



