BIND Version check

Bill Manning bmanning at ISI.EDU
Wed Jun 21 00:42:59 UTC 2000


 Actually, revealing the version is a good thing.  Hiding the
 version encourages additional probing.
 Upgrading to mitigate vulnerabilities is -MUCH- preferred to
 attempting security through obscurity.


% 
% By revealing the version number, you also reveal the set of
% vulnerabilities of the server.  If your server is visible to the
% Internet, you should disable this reporting by adding these lines to
% your named.conf file (without the =====):
% 
% =====
% zone "bind" chaos {
% 	type master ;
% 	file "primary/bind";
% 	allow-query {
% 	    localhost ;
% 	} ;
% 	allow-transfer {
% 	    none;
% 	} ;
% };
% =====
% 
% and create a file (/var/named/) primary/bind:
% 
% =====
% $ORIGIN bind.
% @	1D CHAOS SOA    localhost. root.localhost. (
% 			1               ; serial
% 			3H              ; refresh
% 			1H              ; retry
% 			1W              ; expiry
% 			1D )            ; minimum
% 	CHAOS NS	localhost.
% =====
% 
% 
% --
% Daniel Norton
% 
% 
% 
% 


-- 
--bill



More information about the bind-users mailing list