> I'm just implementing PowerDNS and am very impressed by how straightforward > it has been. I'm about to replace our old Bind servers with powerdns, and > was testing a few things and noticed that PowerDNS tells other server's > it's version number. More specifically it says: > > Served by POWERDNS 2.9.20 $Id: packethandler.cc 539 2005-11-11 11:17:47Z > ahu $ > > Is there any way to disable or change this response without recompiling. > I typically try to disable this kind of identifying information so that in > the event of a vulnerability, it's not obvious that this server is > vulnerable.
The config file for the recursor has "version-string=" set to a similar string, I'd be surprised if you can't set that in the main pdns config. As an aside, in the event of a vulnerability an automated script will fire the exploit at your sever whether it's running a DNS service or not. CodeRed and Slammer did the same for IIS vulnerabilities. Mark. -- Mark Watts BSc RHCE MBCS Senior Systems Engineer QinetiQ Trusted Information Management Trusted Solutions and Services Group GPG Public Key ID: 455420ED
pgpvbjzrn8poi.pgp
Description: PGP signature
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
