"Hiding" version.bind in /etc/bind/named.conf.options doesn't work

Dave Warren dw at thedave.ca
Wed Feb 28 19:25:12 UTC 2018

On 2018-02-28 10:57, G.W. Haywood via bind-users wrote:
> Hi there,
> On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote:
>> Good morning, I'm trying to make it more difficult for an attacker to
>> get my DNS server version.
> Waste of time.  The attacks are automated, and will be mounted anyway.

Indeed. At least one of my legacy servers returns "4.9.4-P1-Would you 
believe Win98SE?", which was an in-joke at the time but I like it well 
enough that it is still here 10+ years later.

I've still seen modern attacks. As you say, the attacks are automated 
and there is no real advantage in checking versions first, it is easier 
to just throw everything at everyone.

More information about the bind-users mailing list