Re: Version statement...

Michael Hoskins (michoski) Thu, 16 Aug 2012 23:01:50 -0700

You can specifically set version, authors, etc. but why not just block all
"CHAOS" queries?  Do you really need it?


view "chaos" chaos {
        match-clients { any; };
        allow-transfer { none; };
        allow-query { none; };
        allow-recursion { none; };
        recursion no;
        zone "." {
                type hint;
                file "/dev/null";
        };
};


PROD:54 root@adns3:namedb# dig @localhost version.bind chaos txt

; <<>> DiG 9.8.3-P1-RedHat-9.8.3-1.P1 <<>> @localhost version.bind chaos
txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48486
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 16 22:57:20 2012
;; MSG SIZE  rcvd: 30


Not to mention:

view "hesiod" hesiod {
        match-clients { any; };
        allow-transfer { none; };
        allow-query { none; };
        allow-recursion { none; };
        recursion no;
        zone "." {
                type hint;
                file "/dev/null";
        };
};

view "hs" hs {
        match-clients { any; };
        allow-transfer { none; };
        allow-query { none; };
        allow-recursion { none; };
        recursion no;
        zone "." {
                type hint;
                file "/dev/null";
        };
};


-----Original Message-----
From: Jeff Justice <listacco...@starionline.com>
Date: Thursday, August 16, 2012 10:53 PM
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: Re: Version statement...

>Doesn't seem to work with or without the brackets.  Does it matter what
>order it appears in the options list? Or a limit on number of characters?
>
>Jeff
>
>
>On Aug 17, 2012, at 12:34 AM, David Miller <dmil...@tiggee.com> wrote:
>
>> 
>> On 8/17/2012 1:13 AM, Jeff Justice wrote:
>>> I am trying to mask our DNS servers version output to a custom string,
>>>but it doesn't seem to be working for me.  In a nutshell, I have added
>>>this to my options block of my named.conf:
>>> 
>>>  version "[DNS Server]";
>> 
>> options {
>>       version "string";
>> 
>> works for me in 9.8.  Maybe BIND doesn't like the square brackets?
>> 
>> 
>>> But when I do a query, it still shows the actual version number i.e.
>>>BIND 9.9.1-P2, both from the command line and from an outside query
>>>tool.
>>> 
>>> What am I missing?
>>> 
>>> Jeff
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>>unsubscribe from this list
>>> 
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> 
>> 
>> 
>
>_______________________________________________
>Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>unsubscribe from this list
>
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Version statement...

Reply via email to