Is it possible to show bogus version number in BIND

Michael Kjorling michael at kjorling.com
Wed May 1 20:39:34 UTC 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On May 1 2002 11:56 -0700, Chris Villemez wrote:

> I believe you can just comment out the version info code before you compile
> the source.  It's located in bin/named/ns_req.c in the tarball (but you can
> just search for the 'VERSION' string):
>
>         if (class == ns_c_chaos && type == ns_t_txt &&
>             ns_samename(dnbuf, "VERSION.BIND") == 1 &&
>             server_options->version != NULL &&
>             server_options->version[0] != '\0')
>                 return (add_bind(hp, cpp, msg, msglenp,
>                         "VERSION", server_options->version));
>
> (This was from Bind version 8.3.1).
>
> If you comment this out before building Bind, it should prevent version
> information from being passed back to the requester when the requester
> issues a DNS version number check.  Someone correct me if I'm wrong, but
> this is what I remember doing before.   Hope this helps.
>
> -Christopher Villemez

Or, you can just add:

	version "";

to the options section of your named.conf. This will make the check at
line 4 in the if() statement fail (an empty string has a \0 at the
first position, or string[0]) and thus the entire if() statement will
never be satisfied.

The upside of this is that you don't have to patch the BIND source
code.


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e

``And indeed people sometimes speak of man's "bestial" cruelty, but
this is very unfair and insulting to the beasts: a beast can never be
so cruel as a man, so ingeniously, so artistically cruel.''
(Ivan Karamazov, in Dostoyevsky's 'The Brothers Karamazov')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE80FKIKqN7/Ypw4z4RAsKDAJ9vnyRocTGxgL9p9gaAdY5qGpodYwCeIZHK
25yDsVzWuyi/PbBIrh0yyD8=
=zqOH
-----END PGP SIGNATURE-----

More information about the bind-users mailing list