Hiding the BIND version

To harden a DNS server a little, it can be useful to hide the version of the software it runs. This post covers the case of a BIND server.

The change is very simple: edit the file named.conf.options and add the version line.

options {

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	// forwarders {
	// 	0.0.0.0;
	// };

	version "DNS";

};

More generally, put whatever text you like between the quotes:

version "Votre message ici";

Testing it could not be simpler.

# dig @votre_serveur_dns -c CH -t txt version.bind

; <<>>  <<>> @votre_serveur_dns -c CH -t txt version.bind
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57626
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.			CH	TXT

;; ANSWER SECTION:
version.bind.		0	CH	TXT	"DNS"

;; AUTHORITY SECTION:
version.bind.		0	CH	NS	version.bind.
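
An added example, not from the original post: a Python equivalent of the dig test above that builds the version.bind CH TXT query by hand, parses the answer, and flags banners that still look like a release number. The function names, the regex heuristic and the sample reply are assumptions made for this illustration.

```python
import re
import socket
import struct

CH, TXT = 3, 16  # CHAOS class and TXT type, as in "dig -c CH -t txt"

def build_query(qname="version.bind", qid=0x1234):
    """Encode a single-question DNS query for <qname> CH TXT."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    question = labels + b"\x00" + struct.pack("!2H", TXT, CH)
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + question

def skip_name(msg, off):  # offset just past a name, compression pointer included
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_txt_answer(msg):
    """Return the first TXT answer string of a response, or None."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if flags & 0x000F or an == 0:  # error RCODE (e.g. REFUSED) or empty answer
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TXT:  # RDATA starts with a one-byte string length
            return msg[off + 1:off + 1 + msg[off]].decode(errors="replace")
        off += rdlen
    return None

def leaks_version(banner):  # heuristic (an assumption): "N.N" is a release number
    return bool(banner) and re.search(r"\d+\.\d+", banner) is not None

def check_server(server, timeout=3.0):
    """Query <server> over UDP; return (banner, leaks_version(banner))."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        banner = parse_txt_answer(s.recv(512))
    return banner, leaks_version(banner)

def sample_response(text):
    """Constructed reply (not captured traffic) with <text> as the TXT answer."""
    rdata = bytes([len(text)]) + text.encode()
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:] + rr
```

Calling check_server with the address of your own name server runs the same check live; with the configuration above it should return ("DNS", False).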
