"Hiding" version.bind in /etc/bind/named.conf.options doesn't work

Dave Warren dw at thedave.ca
Wed Feb 28 19:25:12 UTC 2018


On 2018-02-28 10:57, G.W. Haywood via bind-users wrote:
> Hi there,
> 
> On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote:
> 
>> Good morning, I'm trying to make it more difficult for an attacker to
>> get my DNS server version.
> 
> Waste of time.  The attacks are automated, and will be mounted anyway.
> 

Indeed. At least one of my legacy servers returns "4.9.4-P1-Would you 
believe Win98SE?", which was an in-joke at the time but I like it well 
enough that it is still here 10+ years later.

I've still seen modern attacks. As you say, the attacks are automated 
and there is no real advantage in checking versions first; it is easier 
to just throw everything at everyone.


