Change Bind DNS Version on CentOS

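It’s always a good idea to hide or change the version string your Bind DNS nameserver reports. If an attacker knows the version of Bind you are running, it gives them clues as to how they can exploit it. This is called security through obscurity: it removes an easy fingerprint but does not fix any vulnerability, so keep Bind patched as well.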

Assuming you have Bind 9 installed on your CentOS, Debian or Ubuntu box, log in via SSH and follow the commands below.

First, head to your Bind options file. This file is usually in /etc/named.conf:

vim /etc/named.conf

In the options {} stanza, adjust or add version "Hello DNS World";, e.g.:

options {
  directory "/var/named";
  version "Hello DNS World";
  // ... your other options ...
};

To report no version, simply set the version directive to an empty string:

options {
  directory "/var/named";
  version "";
  // ... your other options ...
};

When we query the server for version.bind this time, it will report either no version or “Hello DNS World”, e.g.:

version.bind.           0       CH      TXT     "Hello DNS World"
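To confirm the change took effect, the helper below reads the version directive out of the config file and classifies what a live server answers for version.bind. It is an added example, not part of the original post; the function names, the 127.0.0.1 default and the simple line-based config parse are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.

# configured_version FILE: print the value of the version directive found in
# the options {} stanza; exit status 1 if there is none. Simple line-based
# parse: assumes "options {" and the closing "};" start their own lines.
configured_version() {
    awk '
        /^[ \t]*options[ \t]*[{]/ { inopt = 1 }
        inopt && /^[ \t]*version[ \t]+"/ {
            split($0, parts, "\"")      # parts[2] is the quoted value
            print parts[2]; found = 1
        }
        inopt && /^[ \t]*[}];/ { inopt = 0 }
        END { exit !found }
    ' "$1"
}

# classify_banner TEXT: "hidden" for an empty answer, "leaks-version" if it
# contains something shaped like a Bind 9 release number, else "custom".
classify_banner() {
    banner=$(printf '%s' "$1" | tr -d '"')
    if [ -z "$banner" ]; then
        echo "hidden"
    elif printf '%s' "$banner" | grep -Eq '(^|[^0-9])9\.[0-9]+\.[0-9]+'; then
        echo "leaks-version"
    else
        echo "custom"
    fi
}

# check_server [ADDRESS]: ask a live server (default 127.0.0.1, an assumption)
# for version.bind in the CHAOS class and classify what comes back.
check_server() {
    server=${1:-127.0.0.1}
    answer=$(dig +short +time=2 +tries=1 -c CH -t TXT version.bind "@$server") || return 2
    printf '%s: %s (%s)\n' "$server" "$(classify_banner "$answer")" "$answer"
}
```

Source the file, then run configured_version /etc/named.conf and, once named has reloaded its configuration, check_server 127.0.0.1; a result of leaks-version means the real release string is still being served.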

Any questions? Ask me in the comments below!

