showing version

Will Yardley william+dns at hq.newdream.net
Tue Sep 18 15:03:16 UTC 2001


lg042-5 wrote:
> Some simple questions for you DNS experts.
> 
> I have heard that you can configure your Bind server to answer
> something else (something like "mind your business") when it is
> queried about its version.

> 1 - Is it true ?

yes.
 
> 2 - How can I query a server to get the running version ?

dig version.bind chaos txt @ns.blah.com
or query for a record 'version.bind' of type 'txt' in class 'chaos'
using whatever utility you prefer.
 
> 3 - Which statement should I use to make it give a wrong answer ?

in the 'options' section:
	version "Sugar and spice, and everything nice.";

while it's funny to be a wise ass, it's generally not considered a great
idea to do this.  you might need to do it for a short time if there's
some reason you can't patch your server right away and you want to
discourage script kiddies, but overall there are other ways to determine
what version of bind you're running.  and often there is a legitimate
reason someone might want to figure out what version of bind you're
running.

our upstream provider had a really hilarious fake version for a while...
i forget exactly what it was but it was to the effect of 'rubber bands
and duct tape'

> 4 - What are the Bind version allowing this statement ?
 
i think all versions of bind have this record (or at least all versions
you should possibly be running), but only bind 8 and later has the
'options' statement - if that doesn't work, you have to actually create
a txt record for 'version.bind' in class chaos.  there are instructions
for doing this somewhere if you do a web search.  assuming you're
running a recent version of bind, the 'version' option is a much simpler
way of doing it.

> Thanks in advance.

no problem.  if you _are_ running a really old version of bind, you
should upgrade! and if you're running a current version, then you don't
have much to worry about.

w

-- 
Sintax error in config file! (line 378)
aborted!

GPG Public Key:
http://infinitejazz.net/will/pgp/
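
The `version.bind` query from the reply above at the wire level, as an added example that is not part of the original post: it builds the CHAOS-class TXT query, parses the TXT answer, and flags answers that still contain a dotted version number, for auditing name servers you operate. The function names are hypothetical, and the response bytes and the `8.2.3-REL` string used to exercise it are constructed sample input.

```python
import re
import struct

TXT, CHAOS = 16, 3  # RR type TXT, class CH (the "chaos" class in the dig command)

def build_query(name="version.bind", qid=0x1234):
    """Wire-format DNS query for <name>, type TXT, class CHAOS."""
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.split(".")) + b"\x00"
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">2H", TXT, CHAOS)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer, always 2 bytes
            return off + 2
        off += 1 + n

def parse_version(msg):
    """Return the CHAOS TXT strings found in a response's answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">6H", msg[:12])
    off, found = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if (rtype, rclass) == (TXT, CHAOS):
            parts, i = [], 0
            while i < len(rdata):  # TXT rdata = length-prefixed character-strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            found.append(b"".join(parts).decode("ascii", "replace"))
    return found

def discloses_version(text):
    """Heuristic: does the answer still contain a dotted version number?"""
    return re.search(r"\d+\.\d+", text) is not None

def sample_response(text):
    """Constructed response (not captured traffic) carrying `text` as the answer."""
    q = build_query()
    rdata = bytes([len(text)]) + text.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack(">HHIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return q[:2] + struct.pack(">5H", 0x8400, 1, 1, 0, 0) + q[12:] + rr
```

To check a live server you run, send `build_query()` in a UDP datagram to port 53 and pass the reply to `parse_version()`.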

