How to hide the DNS Server’s software name and its version? [DNS Security]

It’s a good practice to hide DNS server’s software name and its version information from resolvers. These information can assist hackers to perform DNS attack. In one of our recent article, we told how you can use dig command to query remote DNS version information and in the same article, we also suggested administrators to hide the server information for security reasons.

To hide DNS server’s version information, you will have to set ‘version‘ attribute in your named.conf file. To do that,

$vi /etc/named.conf

Note: The location of the named.conf will vary from system to system. You might check under /etc/named/named.conf, /etc/bind/named.conf, /var/named/named.conf.

Copy and paste below line under the options section,

version "No version information available";

It will look as below under the options section,

options {

......................

version "No version information available";

........................

}

You might also add the above line in /etc/named.options and include that in /etc/named.conf.

Once done, save named.conf and restart the named server as below

$rndc reload

or

$/etc/init.d/named restart

or

$/etc/init.d/bind8 restart

You might also want to read: Should you enable Recursion on your DNS? It’s vulnerable!

Updated on September 3, 2017

Was this article helpful?

Related Articles

Leave a Comment