BIND servers can be remotely queried for their version

Peter Radcliffe
Fri Mar 31 17:38:24 UTC 2000

Thor Kottelin  <thor at> probably said:
>From: wen <wen at>
>> BIND servers can be remotely queried for their version. This feature
>> could be used by attackers to remotely probe machines for vulnerable
>> versions of BIND to be exploited in later attacks.
>> Now my BIND version is 8.2. How to cancel this fault?
>IIRC, you can use
>options {
>	version "";
>};

If you want to allow it locally to check versions (I run quite a few
nameservers) but disallow remotely you can use;

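zone "bind" chaos {
  // The address list is missing from the archived post; the built-in
  // "localhost" ACL is assumed here to match "allow it locally".
  allow-query { localhost; };
  type master;
  file "bind";
};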

and put in the file "bind";

$ORIGIN bind.

@       1D CHAOS SOA    localhost. root.localhost. (
                        1               ; serial
                        3H              ; refresh
                        1H              ; retry
                        1W              ; expiry
                        1D )            ; minimum
        CHAOS NS        localhost.

pir                  pir at                    pir at
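
A way to confirm the effect of the configuration discussed above, as an added example that is not part of the original post: it builds the CHAOS-class TXT query for version.bind, parses the reply, and reports whether a version string is disclosed. The function names, the query ID and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct

CH, TXT = 3, 16  # DNS class CHAOS, RR type TXT
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QNAME = b"\x07version\x04bind\x00"  # wire form of version.bind.

def build_query(qid=0x1234):  # header (QDCOUNT=1), QNAME, QTYPE=TXT, QCLASS=CH
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + QNAME + struct.pack("!2H", TXT, CH)

def skip_name(msg, off):  # step over a (possibly compressed) domain name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_reply(msg):
    """Return (rcode, [TXT strings]) for a reply to build_query()."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == TXT and rclass == CH and rdata:
            texts.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
            rdata = rdata[1 + rdata[0]:]
    return RCODE.get(flags & 0xF, str(flags & 0xF)), texts

def discloses_version(msg):
    # An empty TXT string (version "";) or a refusal discloses nothing.
    rcode, texts = parse_reply(msg)
    return rcode == "NOERROR" and any(t.strip() for t in texts)

def sample_reply(rcode=0, txt=None):
    # Constructed reply for offline checks; not captured from a real server.
    hdr = struct.pack("!6H", 0x1234, 0x8000 | rcode, 1, int(txt is not None), 0, 0)
    msg = hdr + QNAME + struct.pack("!2H", TXT, CH)
    if txt is not None:  # one answer RR; owner name is a pointer to offset 12
        rdata = bytes([len(txt)]) + txt.encode("ascii")
        msg += b"\xc0\x0c" + struct.pack("!2HIH", TXT, CH, 0, len(rdata)) + rdata
    return msg

def check_server(addr, timeout=3.0):  # query a nameserver you operate, UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (addr, 53))
        return s.recv(512)
```

Running `discloses_version(check_server(addr))` on the nameserver host and again from a remote host you control shows whether the version is still visible from each vantage point.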
