On Mon, Jan 29, 2001 at 03:50:31PM -0800, Max Vision wrote:
> Hi,
>
> The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
> chaos record called "authors". So now even if an admin changes or
> suppresses their version reply string, a remote user can still determine
> whether the server is running BIND 9.x. With the recent discovery of the
> tsig bug in BIND there will probably be a huge rise in version
> queries. Some attackers may remove ambiguity by skipping servers that
> reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).
>
> % dig @ns.example.com authors.bind chaos txt
>
For the absolute paranoid (all of us I guess), this patch will disable at
least that fingerprinting.
Eric
-------->8 cut here 8<-------
--- server.c.org Tue Jan 30 20:25:57 2001
+++ server.c Tue Jan 30 20:23:03 2001
@@ -1667,7 +1667,7 @@
CHECK(create_bind_view(&view));
ISC_LIST_APPEND(lctx.viewlist, view, link);
CHECK(create_version_zone(cctx, server->zonemgr, view));
- CHECK(create_authors_zone(server->zonemgr, view));
+/* CHECK(create_authors_zone(server->zonemgr, view));*/
dns_view_freeze(view);
view = NULL;
-------->8 cut here 8<-------
--
GIT$ d+ s+:- !a C+++ UL++++ P+++ L+++ E--- W+ N++ o K+ w--
O- M- V- PS PE Y+ PGP++ t 5 X R- tv+ b++ DI++ D
G e h+ r y?
