Hide DNS Software Version

From time to time a new vulnerability is found in DNS server software, and script kiddies start scanning the Internet for unpatched systems to exploit. It is a best practice to hide the software version on your DNS servers. This is not real protection (the server can still be fingerprinted from its behaviour, and the only real fix is patching promptly), but it makes your servers a little harder to find with a simple version scan.
Use the dig command to find out which version your name servers are running. Example:
$ dig +short @ns1.example.com version.bind txt chaos
"9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1"
BIND
To hide the version when using BIND, open the named.conf configuration file in your favourite editor, go to the options section and set a custom version string with the version option. Example:
// /etc/named.conf
options {
// Hide bind version
version "unknown";
};
Restart the server (use bind9 instead of named on Debian-based systems), or run "sudo rndc reconfig" to re-read named.conf without a full restart:
$ sudo service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Verify that the server now returns the new version string:
$ dig +short @ns1.example.com version.bind txt chaos
"unknown"
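The procedure above checks a single server by hand. The following script is an added example, not part of the original post, that audits a list of name servers the same way and goes a little beyond the post: besides version.bind it also queries the other two CHAOS-class TXT names BIND answers by default, hostname.bind (controlled by the "hostname" option) and id.server (controlled by the "server-id" option), since a hidden version is of little use if the hostname still reveals the software and site. It assumes dig is installed and that the server names given on the command line are reachable; ns1.example.com in the usage line is a placeholder. The classification of a version string is a heuristic (anything containing digits separated by a dot is treated as a leaked version).

```shell
#!/bin/sh
# Added example (not from the original post): audit name servers for the
# CHAOS-class TXT records that BIND answers by default.
#   version.bind  -> controlled by the "version" option
#   hostname.bind -> controlled by the "hostname" option
#   id.server     -> controlled by the "server-id" option
# Assumptions: dig is installed and the servers passed as arguments are
# reachable. Server names used in the usage line are placeholders.

# Strip the surrounding quotes that "dig +short" prints around a TXT string.
unquote() {
    printf '%s' "$1" | sed -e 's/^"//' -e 's/"$//'
}

# Classify a version.bind answer (heuristic):
#   "leaks"     - looks like a real software version (digits separated by a dot)
#   "hidden"    - a custom string without a version-like pattern
#   "no-answer" - empty (server refused, timed out, or does not serve CHAOS)
classify_version() {
    v=$(unquote "$1")
    if [ -z "$v" ]; then
        echo "no-answer"
    elif printf '%s' "$v" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo "leaks"
    else
        echo "hidden"
    fi
}

# Query one CHAOS-class TXT name on one server; prints the first TXT string
# or nothing if there is no answer. Short timeout so a dead server does not
# stall the whole audit.
chaos_txt() {
    dig +short +time=2 +tries=1 @"$1" "$2" txt chaos 2>/dev/null | head -n 1
}

# Report all three records for a single server on one line.
audit_server() {
    server=$1
    ver=$(chaos_txt "$server" version.bind)
    host=$(chaos_txt "$server" hostname.bind)
    id=$(chaos_txt "$server" id.server)
    printf '%s version.bind=%s [%s] hostname.bind=%s id.server=%s\n' \
        "$server" "${ver:-<none>}" "$(classify_version "$ver")" \
        "${host:-<none>}" "${id:-<none>}"
}

# Usage: sh dns-version-audit.sh ns1.example.com ns2.example.com
# Without arguments the script does nothing, so the functions can be sourced.
for s in "$@"; do
    audit_server "$s"
done
```

Run it against every authoritative and recursive server you operate, both from inside and from outside the network, since the CHAOS class is often filtered differently on the two paths. A line tagged [leaks] means the version option has not been set on that server (or the change has not been applied yet); a hostname.bind answer that still shows the real host name can be neutralised with the "hostname" option in the same options block.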