How to prevent querying of bind version

Jim Reid jim at rfc1035.com
Wed Oct 3 13:26:44 UTC 2001


>>>>> "derek" == derek b gooh <derek.b.gooh at sg.andersen.com> writes:

    derek> I'm running bind 8.22-p5, how do I configure bind to
    derek> prevent people from querying my bind version?

You can't. Nothing you can do to your local copy of BIND (or any other
piece of software) can prevent the rest of the world from sending
queries to your name server. You can use the version clause in an
options{} statement to conceal the version string, but this is no
security. A script kiddy will still try their attacks no matter what
version of BIND you say you're running. And anyway there are other
tools for fingerprinting name server implementations.

BTW 8.2.2P5 has a few known security holes. Upgrade immediately to the
current BIND 8 version, 8.2.5, or better still, BIND9.
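
The version clause mentioned in the reply above, shown as an added example that is not part of the original post. The replacement string is a constructed placeholder, and 192.0.2.53 is a documentation address standing in for your own server.

```conf
// named.conf fragment (added example, not from the original message)
options {
    // Replaces the string returned for a CHAOS-class TXT query of
    // version.bind. This only changes the banner: the query is still
    // answered, and any flaw in the running version is still present.
    version "not disclosed";   // constructed placeholder string
};

// Check from another host after reloading named:
//   dig @192.0.2.53 version.bind txt chaos
// The TXT answer should carry the placeholder instead of the real version.
```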

