BIND Version check
Bill Manning
bmanning at ISI.EDU
Wed Jun 21 00:42:59 UTC 2000
Actually, revealing the version is a good thing. Hiding the
version encourages additional probing.
Upgrading to mitigate vulnerabilities is -MUCH- preferred to
attempting security through obscurity.
%
% By revealing the version number, you also reveal the set of
% vulnerabilities of the server. If your server is visible to the
% Internet, you should disable this reporting by adding these lines to
% your named.conf file (without the =====):
%
% =====
% zone "bind" chaos {
%     type master ;
%     file "primary/bind";
%     allow-query {
%         localhost ;
%     } ;
%     allow-transfer {
%         none;
%     } ;
% };
% =====
%
% and create a file (/var/named/) primary/bind:
%
% =====
% $ORIGIN bind.
% @       1D CHAOS SOA localhost. root.localhost. (
%                 1       ; serial
%                 3H      ; refresh
%                 1H      ; retry
%                 1W      ; expiry
%                 1D )    ; minimum
%         CHAOS NS localhost.
% =====
%
%
% --
% Daniel Norton
--
--bill
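
Added example (not part of the original message and not BIND project code): the version check this thread is about is a TXT query for `version.bind` in the CHAOS class. The Python below builds that query and classifies a reply so an operator can see what their own server answers; the function names are hypothetical and the reply bytes and version string are constructed samples.

```python
import struct
TYPE_TXT, CLASS_CH = 16, 3               # DNS constants (RFC 1035)

def encode_name(name):                   # dotted name -> length-prefixed labels
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid=0x1234, name="version.bind"):
    """One-question query: <name> TXT in class CHAOS."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def skip_name(msg, off):                 # offset just past a name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_reply(msg):
    """Return (rcode, [TXT strings found in CHAOS-class answers])."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, texts = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rdata and rtype == TYPE_TXT and rclass == CLASS_CH:
            n = rdata[0]                 # each TXT string is length-prefixed
            texts.append(rdata[1:1 + n].decode("ascii", "replace"))
            rdata = rdata[1 + n:]
    return flags & 0x000F, texts

def assess(msg):
    rcode, texts = parse_reply(msg)
    if rcode == 0 and texts:
        return "discloses: " + " ".join(texts)
    return "no version disclosed (rcode %d)" % rcode

def sample_reply(rcode, txt=None):
    """Constructed reply bytes for offline use; not captured from a real server."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, 1 if txt else 0, 0, 0)
    body = build_query()[12:]            # echo the question section
    if txt:
        rdata = bytes([len(txt)]) + txt.encode("ascii")
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata
    return hdr + body
```

Sending `build_query()` over UDP port 53 to a name server you operate and passing the reply bytes to `assess()` shows what an outside client sees, with or without the restricted `bind` zone quoted above.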