BIND Version check
Barry Margolin
barmar at genuity.net
Tue Jun 20 16:49:40 UTC 2000
In article <2i2vks89q059dc2hej4039o82673dp226f at 4ax.com>,
Daniel Norton <danorton at suespammers.org> wrote:
>By revealing the version number, you also reveal the set of
>vulnerabilities of the server. If your server is visible to the
>Internet, you should disable this reporting by adding these lines to
>your named.conf file (without the =====):
Isn't it simpler to just use the "version" option to put in a fake version,
e.g.:
options {
version "none of your business";
};
I'm not even sure if your idea of creating a "bind" zone really works. It
may have changed since I last checked, but it used to check for a query
being version.bind as a special case *before* looking the name up in
memory.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list