"Hiding" version.bind in /etc/bind/named.conf.options doesn't work

Ing. Pedro Pablo Delgado Martell ppmartell at eleka.co.cu
Wed Feb 28 13:55:30 UTC 2018


Good morning, I'm trying to make it more difficult for an attacker to 
get my DNS server version. I have been following several posts about 
doing this and mostly all of them suggest to modify the 
*/etc/bind/named.conf.options* file and add the lines:

options {

    version "Not available";    // Or any bogus info or just none without quotes

};

Then restart the service (*service bind9 restart*) and the version will 
not be shown, only the defined text, in this case "Not available". 
However, after doing this and restarting the service I'm still getting 
my server version. Am I placing these lines in the wrong file? Thanks in 
advance!

------------------------------------

Bind version:       9.10.2-P3

OS:                        Debian GNU/Linux 8 (jessie)
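
To confirm what a server you operate actually returns after a change like the one above, this added example (not part of the original post) builds the version.bind TXT query in the CHAOS class and parses the reply. The function names and the constructed sample reply are assumptions made for illustration.

```python
import socket
import struct

def build_version_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"\x07version\x04bind\x00"
    return header + qname + struct.pack("!HH", 16, 3)

def skip_name(msg, off):
    """Offset just past a name (labels or a compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt_answers(msg):
    """TXT strings found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    texts = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):  # TXT rdata: length-prefixed strings
            texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return texts

def query_server(server, timeout=3.0):
    """Ask a server you operate what it answers for version.bind (UDP/53)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (server, 53))
        return parse_txt_answers(s.recv(4096))

def constructed_response(text):
    """Constructed sample reply carrying `text`, for offline checks."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    txt = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 3, 0, len(txt)) + txt
    return header + build_version_query()[12:] + rr
```

If query_server("127.0.0.1") on the DNS host still returns the real version string after a restart, the running named did not load the edited options block.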
