Hello,
I was checking my domain with www.dnsinspect.com tool, and i receive a security alert that:
--------------------------------
Name Servers Versions
WARNING: Name servers software versions are exposed:
17x.xx.xx.xx: "9.11.5-P4-5.1+deb10u5-Debian"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system
--------------------------------
I think it is important to hide that debian is running, and send me to : https://www.dnsinspect.com/articles/hide-version.html
But i dont know exactly which file to edit on Debian10 and which bind file is required to fix.
Any help with a short tutorial?
Javier
Name servers software versions are exposed
- myVesta
- Site Admin
- Posts: 952
- Joined: Fri Jun 19, 2020 9:59 am
- Has thanked: 10 times
- Been thanked: 6 times
You should edit /etc/bind/named.conf.options
after change, do:
Code: Select all
options {
// ...
// Hide bind version
version "unknown";
// ...
};
Code: Select all
sudo systemctl restart bind9
Works perfect!, Thanks.
For other users, just add the following lines:
For other users, just add the following lines:
Code: Select all
// Hide bind version
version "unknown";