Name servers software versions are exposed

Post Reply
droopy
Posts: 12
Joined: Thu Feb 18, 2021 1:12 am

Hello,

I was checking my domain with www.dnsinspect.com tool, and i receive a security alert that:
--------------------------------
Name Servers Versions
WARNING: Name servers software versions are exposed:
17x.xx.xx.xx: "9.11.5-P4-5.1+deb10u5-Debian"
Exposing name server's versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system
--------------------------------

I think it is important to hide that debian is running, and send me to : https://www.dnsinspect.com/articles/hide-version.html
But i dont know exactly which file to edit on Debian10 and which bind file is required to fix.

Any help with a short tutorial?

Javier
User avatar
myVesta
Site Admin
Posts: 928
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

You should edit /etc/bind/named.conf.options

Code: Select all

options {
  // ...
  // Hide bind version
  version "unknown";
  // ...
};
after change, do:

Code: Select all

sudo systemctl restart bind9
droopy
Posts: 12
Joined: Thu Feb 18, 2021 1:12 am

Works perfect!, Thanks.

For other users, just add the following lines:

Code: Select all

  // Hide bind version
  version "unknown";
  
Post Reply