BIND Version check
Bill Moseley
moseley at hank.org
Tue Jun 20 18:22:42 UTC 2000
At 05:42 PM 06/20/00 -0700, Bill Manning wrote:
>
> Actually, revealing the version is a good thing. Hiding the
> version encourages additional probing.
I only allow queries by external hosts to a few zones, so (I assume because
of this) version.bind queries are rejected.
Hiding the version vs. rejecting the version info may be a different issue,
but I'm not sure I follow the logic that it would encourage more probing.
To me, rejecting the query would indicate that the DNS admin was thinking
about security since, in a default setup, the version should be returned.
But if I was convinced that it was better to report that I am running the
most current version of Bind, how would I enable reporting of version.bind
on my restricted-zone bind setup?
Bill Moseley
mailto:moseley at hank.org
More information about the bind-users
mailing list