Hide DNS Software Version: Whenever a new vulnerability is published for DNS server software, attackers scan the Internet for unpatched instances, and an advertised version string is the easiest way for them to pick targets. Hiding the software version on your name servers is a best practice, but it is obscurity, not protection: it only makes your servers slightly harder to find by scanning, and the software can still be identified by fingerprinting its behaviour. Keep patching; hiding the version complements that, it does not replace it.
Use the dig command to find which version your name servers report. BIND answers a TXT query for the name version.bind in the CHAOS class:
Example:
$ dig +short @ns1.example.com version.bind txt chaos
"9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1"
BIND
To hide the version in BIND, open the named.conf configuration file in your editor, go to the options section and set a custom string with the version option. The value "none" makes BIND refuse version.bind queries instead of answering them; the related hostname and server-id options control what is returned for hostname.bind and id.server queries in the same class. Example:
// /etc/named.conf
options {
// Hide bind version
version "unknown";
};
Restart the server (use bind9 instead of named on Debian-based systems), or apply the new options without downtime with rndc reconfig:
$ sudo service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Verify that the server now returns the custom string:
$ dig +short @ns1.example.com version.bind txt chaos
"unknown"
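The query and check above are easy to turn into a small audit that walks a list of name servers and flags any that still disclose a software version. The script below is an added example written for this page, not code from the original or from the BIND project. It assumes dig from bind-utils/dnsutils is installed for live queries; the classifier itself only parses the TXT answer, so it can be exercised offline with constructed strings such as the ones in its comments.

```sh
#!/bin/sh
# Added example (not from the original page): audit name servers for
# CHAOS-class version.bind disclosure. Assumes dig (bind-utils/dnsutils)
# for live queries; classify_version only parses strings and needs no network.

# classify_version ANSWER
# ANSWER is one line of `dig +short @server version.bind txt chaos` output,
# e.g. "9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1" (constructed sample) or "unknown".
# Prints one of:
#   leak    - looks like a real software version (a digit.digit sequence)
#   hidden  - a custom string such as "unknown"
#   none    - empty answer (server refused the query, e.g. version none;,
#             has no CH TXT record, or did not respond)
classify_version() {
    answer=$1
    # dig wraps TXT data in double quotes; strip them
    answer=${answer%\"}
    answer=${answer#\"}
    if [ -z "$answer" ]; then
        echo none
        return 0
    fi
    case $answer in
        *[0-9].[0-9]*) echo leak ;;
        *) echo hidden ;;
    esac
}

# check_server NAMESERVER
# Runs the live query and prints "NAMESERVER<TAB>class<TAB>raw answer".
check_server() {
    ns=$1
    if ! command -v dig >/dev/null 2>&1; then
        echo "dig not found; install bind-utils or dnsutils" >&2
        return 1
    fi
    raw=$(dig +short +time=2 +tries=1 @"$ns" version.bind txt chaos 2>/dev/null | head -n 1)
    printf '%s\t%s\t%s\n' "$ns" "$(classify_version "$raw")" "$raw"
}

# Usage: ./dns-version-audit.sh ns1.example.com ns2.example.com
# (the host names are placeholders; pass your own servers)
for ns in "$@"; do
    check_server "$ns"
done
```

A "none" result means the server refused or ignored the query, which is what `version none;` produces, but it is also what an unreachable server produces, so confirm reachability with a normal A query before reading it as a pass.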