Change Bind DNS Version on CentOS

It’s always a good idea to hide or change the Bind DNS nameserver version. If an attacker knows the version of Bind you are running, it’ll give them clues as to how they can exploit it. This is called security through obscurity.

Assuming you have Bind 9 installed on your CentOS, Debian or Ubuntu box, login via SSH and follow the commands below.

First, head to your Bind options file. This file is usually in /etc/named.conf:

vim /etc/named.conf

In the options {} stanza, adjust or add version "Hello DNS World";, e.g:

options {
  directory "/var/named";
  version "Hello DNS World";
};

To report no version, simply leave the version directive empty:

options {
  directory "/var/named";
  version "";
};

When we run the same check this time, the it will report either no version or “Hello DNS World”, e.g:

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "Hello DNS World"

Any questions? Ask me in the comments below!

Advertisements

Author: drewsymo

Developer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s