≡ Menu

UNIX / Linux: BIND Disable version.bind Query Option

How do I disable the bind version.bind option under UNIX or Linux operating systems to improve my name server security?

There is currently no way to completely disable “version.bind” option. You can try to hide version using version.bind but most security scanner and fingerprinting software will detect your bind software version without any problem. This option is often known as security through obscurity. Just edit your named.conf and set it as follows:
### security through obscurity ###
version.bind = "Go away.";

Save and close the file. Reload / restart the named server:
# service named restart

How Do I Find Out Version Information?

Type the following command under Mac OS X or Linux or UNIX based computer:
$ host -c CH -t txt version.bind ns1.dnsknowledge.com
Sample outputs:

Using domain server:
Name: ns1.dnsknowledge.com
Address: 203.xx.ttt.zz#53
Aliases:
version.bind descriptive text "Go away."

Fingerprinting Tool

The fpdns can determine DNS server version for domain dnsknowledge.com using fingerprinting technique as follows:
$ fpdns -D dnsknowledge.com
Sample output:

fingerprint (dnsknowledge.com, 67.228.254.4): ISC BIND 9.2.3rc1 -- 9.6.1-P1
fingerprint (dnsknowledge.com, 67.228.255.5): ISC BIND 9.2.3rc1 -- 9.6.1-P1

Our Recommendations To Keep Bind Server Secure

A better option is to run your bind server in chrooted jail and apply all security patches to both named and operating system immediately.

{ 1 comment… add one }
  • Rajiv arora May 22, 2016, 6:25 am

    What is my dns number

Seurity: Are you a robot or human?

Leave a Comment