Name servers software versions are exposed

droopy
Posts: 4
Joined: Thu Feb 18, 2021 1:12 am

Post by droopy »

Hello,

I was checking my domain with the www.dnsinspect.com tool, and I received a security alert that:
--------------------------------
Name Servers Versions
WARNING: Name servers software versions are exposed:
17x.xx.xx.xx: "9.11.5-P4-5.1+deb10u5-Debian"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system
--------------------------------

I think it is important to hide that Debian is running, and it sends me to: https://www.dnsinspect.com/articles/hide-version.html
But I don't know exactly which file to edit on Debian 10 and which bind file is required to fix.

Any help with a short tutorial?

Javier

dpeca
Site Admin
Posts: 458
Joined: Fri Jun 19, 2020 9:59 am
Re: Name servers software versions are exposed

Post by dpeca »

You should edit /etc/bind/named.conf.options

options {
  // ...
  // Hide bind version
  version "unknown";
  // ...
};
After the change, do:

sudo systemctl restart bind9

droopy
Posts: 4
Joined: Thu Feb 18, 2021 1:12 am
Re: Name servers software versions are exposed

Post by droopy »

Works perfectly! Thanks.

For other users, just add the following lines:

  // Hide bind version
  version "unknown";
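
To confirm the setting took effect on your own name server, the banner that tools like dnsinspect read can be requested directly: it is the TXT record for version.bind in the CHAOS class. The script below is an added example, not part of the thread; all function names are illustrative, and sample_response() builds a constructed reply so the parser can be exercised offline.

```python
import re
import socket
import struct

def build_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    qname = b"\x07version\x04bind\x00"
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">2H", 16, 3)

def skip_name(msg, pos):
    """Offset just past a domain name, which may end in a compression pointer."""
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_txt(msg):
    """TXT strings from the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">2H", msg[4:8])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    banners = []
    for _ in range(ancount):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        rdata, pos = msg[pos + 10:pos + 10 + rdlen], pos + 10 + rdlen
        text, i = b"", 0
        while rtype == 16 and i < len(rdata):   # TXT = length-prefixed strings
            text += rdata[i + 1:i + 1 + rdata[i]]
            i += 1 + rdata[i]
        if rtype == 16:
            banners.append(text.decode("ascii", "replace"))
    return banners

def leaks_version(banner):
    """True if the banner carries a dotted release number such as 9.11.5."""
    return re.search(r"\d+\.\d+", banner) is not None

def sample_response(banner):
    """Constructed reply (not captured traffic) carrying one TXT answer."""
    txt = bytes([len(banner)]) + banner.encode()
    head = struct.pack(">6H", 0x1234, 0x8580, 1, 1, 0, 0) + build_query()[12:]
    return head + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, len(txt)) + txt

def check_server(ip, timeout=3.0):
    """Query a name server you operate over UDP/53 and return its banners."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        return parse_txt(s.recvfrom(4096)[0])
```

After the restart, check_server("<your-server-ip>") should return ["unknown"] and leaks_version() should be False for it. The same lookup can be made by hand with: dig @<your-server-ip> version.bind chaos txt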
  

