Hide Your Bind Version

BIND has been insecure since before I started using the Internet. It has got better over the years, but not much.
It is quite common to hide Apache/nginx/PHP versions for security reasons and PCI compliance. So why do we overlook BIND when securing our systems?

Let’s check what BIND will reveal to the world with nslookup:

[codesyntax lang="bash"]
root@linux30 [/root]# nslookup -q=txt -class=CHAOS version.bind. 0
Server: 0
Address: 0.0.0.0#53

version.bind text = "9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2"
[/codesyntax]

You can tell immediately that this particular server is running 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2. Probably CentOS 6.
Let us fix that.

Edit your named.conf, possibly in /etc/named.conf.
Within the options section, add the following line – change the string to whatever you like!

[codesyntax lang="bash"]
version "Go away bird";
[/codesyntax]

Run nslookup again and you can see your obscured BIND version.

 

[codesyntax lang="bash"]
root@linux30 [/root]# nslookup -q=txt -class=CHAOS version.bind. 0
Server: 0
Address: 0.0.0.0#53

version.bind text = "Go away bird"
[/codesyntax]
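
To audit your own name servers for this disclosure, the Python below (an added example, not code from the original post) builds the same CHAOS-class TXT query for version.bind that nslookup sends above, parses the reply, and flags banners that still contain a dotted version number. The function names, the transaction ID and the constructed `sample_response` packet are assumptions made for illustration.

```python
import re
import socket
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3  # version.bind is answered in class CHAOS, not IN

def build_query(name="version.bind", txid=0x1234):
    """Wire-format query: 12-byte header, QNAME labels, QTYPE, QCLASS."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # one question, no flags
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Offset just past a name: plain labels or a 2-byte compression pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_txt_answer(msg):
    """First TXT string in the answer section, or None if there is no answer."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_TXT and rdlen:
            return msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")
        off += rdlen
    return None

def leaks_version(banner):
    return bool(banner and re.search(r"\d+\.\d+", banner))  # dotted number left?

def check_server(ip, timeout=2.0):
    """Query a name server you operate; returns (banner, leaks)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        banner = parse_txt_answer(s.recv(512))
    return banner, leaks_version(banner)

def sample_response(banner):
    """Constructed reply for offline testing, not captured traffic."""
    rdata = bytes([len(banner)]) + banner.encode()
    rr = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, len(rdata)) + rdata
    return struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:] + rr
```

Call `check_server("127.0.0.1")` on the name server itself once named has reloaded its configuration; a banner such as "Go away bird" comes back with `leaks` set to `False`.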

Author: Kieran Barnes

Kieran is a PHP developer with 15 years commercial experience. Specialist in WordPress, CakePHP, CubeCart and all things PHP.
