It’s a good practice to hide DNS server’s software name and its version information from resolvers. These information can assist hackers to perform DNS attack. In one of our recent article, we told how you can use dig command to query remote DNS version information and in the same article, we also suggested administrators to hide the server information for security reasons.
To hide DNS server’s version information, you will have to set ‘version‘ attribute in your named.conf file. To do that,
$vi /etc/named.conf
Note: The location of the named.conf will vary from system to system. You might check under /etc/named/named.conf, /etc/bind/named.conf, /var/named/named.conf.
Copy and paste below line under the options section,
version "No version information available";
It will look as below under the options section,
options {
......................
version "No version information available";
........................
}You might also add the above line in /etc/named.options and include that in /etc/named.conf.
Once done, save named.conf and restart the named server as below
$rndc reload
or
$/etc/init.d/named restart
or
$/etc/init.d/bind8 restart
You might also want to read: Should you enable Recursion on your DNS? It’s vulnerable!
