How to Grab | Disable BIND Version Banner
5 March, 2021 by Administrator


By default, the BIND DNS server reveals its version to anyone who queries it. Security-minded admins may want to stop BIND from handing out this banner. I’ll show you how!


Grab BIND banner

It is possible to use dig, host, nslookup or whatever your favorite DNS tool may be to query the BIND banner. I like the host command so here is how it works with host:

$ host -c chaos -t txt version.bind ns1.example.com
Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases: 

version.bind descriptive text "9.3.6-P1-RedHat-9.3.6-20.P1.el5"

Disable BIND banner

To change this banner, edit named.conf and put in whatever version indication you wish. Example:

$ sudo nano /etc/named.conf

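Add the version line inside the options block (named.conf allows only one options statement, so extend the existing block if there is one):

options {
    // string returned for version.bind queries in place of the real version
    version "none";
};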

Restart BIND, and your DNS server will now answer:

$ host -c chaos -t txt version.bind ns1.example.com
Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases:

version.bind descriptive text "none"
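
What the host query above looks like on the wire, with a check you can run against your own name servers after the change. This is an added example, not part of the original post; the function names and the sample reply built by constructed_response() are assumptions made for illustration.

```python
import re
import socket
import struct

TXT, CHAOS = 16, 3                      # version.bind is a TXT record in class CHAOS, not IN
QNAME = b"\x07version\x04bind\x00"      # length-prefixed labels for "version.bind"

def build_query(qid=0x1234):
    """The question `host -c chaos -t txt version.bind` puts on the wire."""
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + QNAME + struct.pack(">HH", TXT, CHAOS)

def skip_name(msg, off):
    """Offset just past a name that ends in a zero byte or a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_banner(msg):
    """First character-string of the first TXT answer, or None if there is none."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # name + qtype + qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == TXT and rdlen:
            return msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")
        off += rdlen
    return None

def discloses_version(banner):
    """True when the banner contains something shaped like a version number."""
    return bool(banner and re.search(r"\d+\.\d+", banner))

def constructed_response(banner):
    """Constructed sample reply (not captured traffic) carrying `banner`."""
    txt = bytes([len(banner)]) + banner.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack(">HHIH", TXT, CHAOS, 0, len(txt)) + txt
    return struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query()[12:] + rr

def audit(server, timeout=3.0):
    """Ask one of your own name servers over UDP; returns (banner, discloses)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        banner = parse_banner(s.recv(512))
    return banner, discloses_version(banner)
```

Calling audit("192.168.1.1") before the change should report the real version string and True; after the restart it should report ("none", False).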

 
