allow-query does not seem to restrict access to version.bind in 9.2.1

Jim Reid jim at rfc1035.com
Sun Jun 23 11:41:43 UTC 2002


>>>>> "Jesper" == Jesper Dybdal <jdunet at u7.dybdal.dk> writes:

    Jesper> But in 9.2.1, everybody seems to be able to access my
    Jesper> version number.

Why are you trying to hide this? And why do that with an ACL? What
purpose does this serve? You could just as easily "conceal" what
version of BIND the server runs by putting a version clause in the
options statement. Even then, this does not prevent someone finding
out which version of BIND a server runs. There are fingerprinting
tools that work this out from the answers they get to certain queries
-- and not just for BIND.

    Jesper> More details from my named.conf, only slightly anonymized

This is pointless and a waste of everyone's time. Concealing the
contents of your config file makes it difficult, sometimes impossible,
for anyone to see what's wrong. Unless you show *exactly* what your
name server sees, how is anyone expected to debug the config file for
you? Would you draw a picture of a car, take it to the garage and
expect a mechanic to tell you what was wrong with the car?

