ISS scanner and BIND 9 (AUTHORS.BIND)

Kevin Darcy kcd at
Fri Feb 10 02:49:03 UTC 2006

Since AUTHORS.BIND returns neither a hostname nor a BIND version, the 
vulnerability as described by ISS *does*not*exist* and therefore can be 
removed from your organization's checklist.

                                                      - Kevin

Bischof, Ralph wrote:

>	I have a 9.3.1 build of BIND running on a Red Hat Enterprise
>Linux ES4 system. I *must* use the ISS scanner ( to
>discover and mitigate any vulnerabilities on the system before I can
>connect it to the network. When I ran a scan of my box, I found the
>below Medium vulnerability that I need to do something about.
>Vulnerability Details:
>M BindHostnameDisclosure: BIND hostname disclosure
>BIND (the Berkeley Internet Name Daemon) is the Domain Name Service for
>Unix systems. BIND versions 9.0 and later could allow
>a remote attacker to obtain sensitive information. By sending
>specially-crafted DNS query for the record AUTHORS.BIND a remote
>attacker may learn the BIND software version and the hostname of the DNS
>server. This information could be helpful in launching
>further attacks.
>No remedy available as of January 2005.
>	I know I use the "version" named.conf statement with BIND8 to
>hide the version. Would it also help to put this statement in with my
>BIND9 build? Something like...
>options {
>	version "unknown";
>	I appreciate any help! If it's not possible to mitigate this
>through the configuration, I am thinking that I can make a definitive
>argument that I *already* advertise the hostname of the server to the
>Internet public, therefore it's a non-issue.
>Thank you,
>Ralph F. Bischof, Jr.
>Any opinion within this communication is not necessarily that of NASA.
>PGP Key -

More information about the bind-users mailing list