Version statement...
Michael Hoskins (michoski)
michoski at cisco.com
Fri Aug 17 06:00:55 UTC 2012
You can specifically set version, authors, etc. but why not just block all
"CHAOS" queries? Do you really need it?
view "chaos" chaos {
match-clients { any; };
allow-transfer { none; };
allow-query { none; };
allow-recursion { none; };
recursion no;
zone "." {
type hint;
file "/dev/null";
};
};
PROD:54 root at adns3:namedb# dig @localhost version.bind chaos txt
; <<>> DiG 9.8.3-P1-RedHat-9.8.3-1.P1 <<>> @localhost version.bind chaos
txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48486
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;version.bind. CH TXT
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 16 22:57:20 2012
;; MSG SIZE rcvd: 30
Not to mention:
view "hesiod" hesiod {
match-clients { any; };
allow-transfer { none; };
allow-query { none; };
allow-recursion { none; };
recursion no;
zone "." {
type hint;
file "/dev/null";
};
};
view "hs" hs {
match-clients { any; };
allow-transfer { none; };
allow-query { none; };
allow-recursion { none; };
recursion no;
zone "." {
type hint;
file "/dev/null";
};
};
-----Original Message-----
From: Jeff Justice <listaccount at starionline.com>
Date: Thursday, August 16, 2012 10:53 PM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: Version statement...
>Doesn't seem to work with or without the brackets. Does it matter what
>order it appears in the options list? Or a limit on number of characters?
>
>Jeff
>
>
>On Aug 17, 2012, at 12:34 AM, David Miller <dmiller at tiggee.com> wrote:
>
>>
>> On 8/17/2012 1:13 AM, Jeff Justice wrote:
>>> I am trying to mask our DNS servers version output to a custom string,
>>>but it doesn't seem to be working for me. In a nutshell, I have added
>>>this to my options block of my named.conf:
>>>
>>> version "[DNS Server]";
>>
>> options {
>> version "string";
>>
>> works for me in 9.8. Maybe BIND doesn't like the square brackets?
>>
>>
>>> But when I do a query, it still shows the actual version number i.e.
>>>BIND 9.9.1-P2, both from the command line and from an outside query
>>>tool.
>>>
>>> What am I missing?
>>>
>>> Jeff
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>
>>
>
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users at lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list