Security concern
Lucian Hudin
luci at warp.transart.ro
Thu May 17 22:56:09 UTC 2001
> Hi Alan,
>
> this probably means that the user did something like:
>
> nslookup -q=TXT -class=CHAOS version.bind your.nameserver.com
> For security reasons you should think about putting something like
> this into your BIND configuration file:
>
> options {
> version { "GO AWAY !" };
> };
>
> After this users will not be able to find out which version of BIND you
> are running.
Public BIND fingerprinting programs exists for a while now, I wrote one
myself, available at http://www.darkpath.com/projects/bfp.html. So the
solution would be to UPGRADE.
Regards,
LucySoft.
More information about the bind-users
mailing list