Hiding the version number

Jim Reid jim at rfc1035.com
Thu Nov 21 23:38:05 UTC 2002


>>>>> "Jon" == Jon Fullmer <jon at jonfullmer.com> writes:

    Jon> Our security scanner mentioned that they can determine the
    Jon> version number of BIND that we're running, and that while
    Jon> this isn't a major security hazard, it's best to be disabled.

Doing this is pointless. There are DNS fingerprinting tools that can
identify your name server software based on the responses to queries
even if you stop the server answering for "version.bind". Disabling
answers for that version string is an example of security through
obscurity: i.e. no security.


More information about the bind-users mailing list