BIND servers can be remotely queried for their version
Peter Radcliffe
26$10$f3i99le at pir.net
Fri Mar 31 17:38:24 UTC 2000
Thor Kottelin <thor at anta.net> probably said:
>From: wen <wen at hisense.qd.sd.cn>
>> BIND servers can be remotely queried for their version. This feature
>> could be used by attackers to remotely probe machines for vulnerable
>> versions of BIND to be exploited in later attacks.
>> Now my BIND version is 8.2. How to cancel this fault?
>
>IIRC, you can use
>options {
> version "";
>};
If you want to allow it locally to check versions (I run quite a few
nameservers) but disallow remotely you can use;
zone "bind" chaos {
        allow-query {
                localhost;
        };
        type master;
        file "bind";
};
and put in the file "bind";
$ORIGIN bind.
$TTL 1W
@       1D CHAOS SOA    localhost. root.localhost. (
                        1       ; serial
                        3H      ; refresh
                        1H      ; retry
                        1W      ; expiry
                        1D )    ; minimum
        CHAOS NS        localhost.
--
pir pir at pir.net pir at net.tufts.edu
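
Added example, not part of the original post: a checker for the version.bind CHAOS TXT query discussed above, so an operator can confirm what their own nameserver answers after applying either configuration. The function names, the verdict strings and the sample replies (built around the 8.2 version mentioned in the thread) are constructed for illustration; it assumes a query denied by allow-query comes back with rcode REFUSED.

```python
import socket
import struct

TXT, CHAOS, REFUSED = 16, 3, 5

def build_query(qid=0x1234):
    """DNS query for version.bind, type TXT, class CHAOS."""
    qname = b"\x07version\x04bind\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", TXT, CHAOS)

def _skip_name(msg, off):
    """Offset just past a name that may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Return (verdict, text): 'disclosed', 'empty', 'refused' or 'rcode-N'."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if (rtype, rclass) == (TXT, CHAOS):
            text, i = b"", 0
            while i < len(rdata):                # TXT = length-prefixed strings
                text += rdata[i + 1:i + 1 + rdata[i]]
                i += 1 + rdata[i]
            text = text.decode("ascii", "replace")
            return ("disclosed" if text else "empty", text)
    rcode = flags & 0x000F
    return ("refused" if rcode == REFUSED else f"rcode-{rcode}", "")

def ask(server, timeout=3.0):
    """Query a nameserver you operate; run once on the host and once from outside."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        return classify(s.recvfrom(512)[0])

def sample_reply(rcode, txt=None):
    """Constructed reply (not a capture) to the query above."""
    q = build_query()
    msg = q[:2] + struct.pack("!5H", 0x8500 | rcode, 1, 0 if txt is None else 1, 0, 0) + q[12:]
    if txt is not None:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TXT, CHAOS, 0, len(txt) + 1) + bytes([len(txt)]) + txt
    return msg
```

classify(sample_reply(0, b"8.2")) gives ("disclosed", "8.2"); after the change, ask() run from a host outside the allow-query list should no longer return "disclosed".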