How to prevent bind from divulging its version

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Fri Jun 29 01:04:41 UTC 2001


	I will repeat this:

	There is no way, other than not answering any queries, that
	you can prevent named from reveling its version.  It is
	simply to easy to finger print a nameserver.

	If you think changing what is returned in a version query
	does this then you are kidding yourself.

	Mark

> 
> In /etc/named.conf  under the "options" area place the below...:
> 
> // Return a bogus response to miscreants
> // who query for our BIND version.  Do not
> // use this trick if you are going to use
> // the view trick detailed below.
> version "Off with your head!";
> 
> 
> At 08:39 PM 6/27/2001, you wrote:
> >Hi,
> >
> >Is there any method of preventing bind from divulging its version?
> >
> >many thanks!
> >kshong
> 
> Best regards,
> Paul Jacobs /Senior Network Eng.
> NETPACQ Systems, Inc.
> "Full Service Web Media"
> http://www.netpacq.com
> mailto:paul at netpacq.com
> 
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com


More information about the bind-users mailing list