How to hide the nameserver software version on CentOS 7?

Hide DNS software version: Sometimes a new vulnerability is found in DNS software, and script kiddies scan the Internet for unpatched systems to exploit. It is a best practice to hide the software version on your DNS servers. This is not real protection; it just makes it a little harder to find your servers via scanning.
Use the dig command to find which version is running on your name servers:
$ dig +short @ns1.example.com version.bind txt chaos
"9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1"
BIND
To hide the version when using BIND, open the named.conf configuration file in your favorite editor, go to the options section and set a custom version string using the version option.
Example:
// /etc/named.conf
options {
    // Hide bind version
    version "unknown";
};
Restart the server (use bind9 instead of named on systems based on Debian):
$ sudo service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
Verify that the server is returning the new version string:
$ dig +short @ns1.example.com version.bind txt chaos
"unknown"
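
To repeat this verification across every name server you operate, the same dig query can be scripted. The script below is an added example, not part of the original post: the function names, the DIG override variable and the file name in the last comment are assumptions for illustration, and the version-number pattern is a heuristic.

```sh
#!/bin/sh
# Added example: audit name servers you operate for version.bind disclosure.
# DIG is a hypothetical override so the check can be exercised without a network.
DIG=${DIG:-dig}

# classify_version_txt ANSWER
# ANSWER is the output of `dig +short @server version.bind txt chaos`.
# Prints one of: no-answer, leaks-version, hidden.
classify_version_txt() {
    txt=$(printf '%s' "$1" | tr -d '"')
    case "$txt" in
        ''|';;'*) echo "no-answer"; return 0 ;;   # empty reply or a dig error line
    esac
    # Heuristic: anything shaped like a release number (9.8.2, 9.11, ...).
    if printf '%s' "$txt" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo "leaks-version"
    else
        echo "hidden"
    fi
}

# audit_servers SERVER...
# Prints "server<TAB>state<TAB>answer" per server; returns 1 if any server leaks.
audit_servers() {
    rc=0
    for ns in "$@"; do
        # dig exits non-zero (9) when the server does not reply at all.
        answer=$("$DIG" +short +time=3 +tries=1 "@$ns" version.bind txt chaos 2>/dev/null) || answer=""
        state=$(classify_version_txt "$answer")
        printf '%s\t%s\t%s\n' "$ns" "$state" "$answer"
        if [ "$state" = "leaks-version" ]; then rc=1; fi
    done
    return "$rc"
}

# Run only when servers are given, e.g.:
#   sh check-version.sh ns1.example.com ns2.example.com   (file name is an example)
if [ "$#" -gt 0 ]; then
    audit_servers "$@"
fi
```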