zeldor.biz

Linux, programming and more

Hide BIND server version from nmap

July 26, 2011 by Igor Drobot

A hardening step for DNS infrastructure: hide sensitive information about the BIND version, which would otherwise point to potentially security-critical bugs.

Edit your named.conf.options and add the following three lines to the options block.

cat /etc/bind/named.conf.options
options {
  version "0";
  hostname none;
  server-id none;
};

You can verify which version BIND now reports with nmap:

nmap 45.44.33.1 -p 53 -A
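
What that check looks like on the wire, as an added example that is not part of the original post: version detection asks for the TXT record `version.bind` in the CHAOS class, and `version "0";` makes the answer `0`. All function names are this example's own, and the replies are built by `constructed_reply` (the string `9.7.3` used in testing is a constructed sample, not a captured value).

```python
import re
import socket
import struct

CH, TXT = 3, 16  # DNS class CHAOS and record type TXT

def build_query(name, qid=0x1234):
    """Encode a CHAOS TXT question such as version.bind."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!2H", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]                    # plain label: length byte + text
    return off + (2 if msg[off] else 1)        # 2-byte pointer or 1-byte root

def txt_answers(msg):
    """Return (rcode, [first string of each TXT answer]) from a DNS response."""
    _, flags, qd, an = struct.unpack("!4H", msg[:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TXT and rdata:
            out.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
    return flags & 0xF, out

def discloses_version(texts):
    """True if any TXT answer looks like a version number (digits.digits)."""
    return any(re.search(r"\d+\.\d+", t) for t in texts)

def ask(server, name="version.bind", timeout=3):
    """Send the query over UDP to a server you operate and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return txt_answers(s.recv(512))

def constructed_reply(query, text):
    """Build a sample response (constructed, not captured) for offline use."""
    header = query[:2] + struct.pack("!5H", 0x8400, 1, 1, 0, 0)
    rdata = bytes([len(text)]) + text.encode()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(rdata)) + rdata
    return header + query[12:] + answer
```

Against a server you operate, `ask()` sends the same query; with the options above in place it should return `(0, ['0'])`.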

fpdns, a DNS server fingerprinting tool, can also find out the version and additional information related to a DNS server.

It checks the authoritative servers of the specified domain name:

aptitude install fpdns
fpdns -D example.com

Example output:
fingerprint (example.org, 45.44.33.1): ISC BIND 9.2.3rc1 -- 9.6.1-P1
fingerprint (example.org, 2a01:4f8:101:265:0:0:0:2): ISC BIND 9.2.3rc1 -- 9.6.1-P1

Filed Under: Linux Tagged With: bind, DNS, named