masters directive in NZF file

2018-02-28 Thread Chuck Musser
Hi, We've got a set of slaves running BIND 9.9.9-P5 that have dynamically managed zones (via rndc addzone and delzone). The master server's IP was hardcoded into the options sent to addzone, resulting in NZF files with lines like so: zone "foo.com" { type slave; file "foo.com"; masters {

Re: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread sthaug
> >> Good morning, I'm trying to make it more difficult for an attacker to > >> get my DNS server version. > > > > Waste of time.  The attacks are automated, and will be mounted anyway. > > > > Indeed. At least one of my legacy servers returns "4.9.4-P1-Would you > believe Win98SE?", which was

Re: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread Warren Kumari
On Wed, Feb 28, 2018 at 12:57 PM, G.W. Haywood via bind-users wrote: > Hi there, > > On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote: > >> Good morning, I'm trying to make it more difficult for an attacker to >> get my DNS server version. > > > Waste of

Re: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread Dave Warren
On 2018-02-28 10:57, G.W. Haywood via bind-users wrote: Hi there, On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote: Good morning, I'm trying to make it more difficult for an attacker to get my DNS server version. Waste of time.  The attacks are automated, and will be mounted

RE: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread G.W. Haywood via bind-users
Hi there, On Wed, 28 Feb 2018, (Ing. Pedro Pablo Delgado Martell) wrote: Good morning, I'm trying to make it more difficult for an attacker to get my DNS server version. Waste of time. The attacks are automated, and will be mounted anyway. -- 73, Ged.

Re: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread Alan Clegg
On 2/28/18 10:57 AM, Bob Harold wrote: > Those instructions assume that the  /etc/bind/named.conf.options file > is 'included' in the main named.conf file. > Just add the "version" line to your named.conf file options section. [...] > So my config file is at: >

Re: "Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread Bob Harold
On Wed, Feb 28, 2018 at 8:55 AM, Ing. Pedro Pablo Delgado Martell < ppmart...@eleka.co.cu> wrote: > Good morning, I'm trying to make it more difficult for an attacker to get > my DNS server version. I have been following several posts about doing this > and mostrly all of them suggest to modify

RE: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-02-28 Thread NNEX Support
Thanks for the information Cathy. I've always run the Red Hat provided packages in the past, this is the first time I've ever tried running the newest release direct. Mostly I'm just feeling extra cautious since this is something I've never done before and admittedly I don't know as much about

"Hiding" version.bind in /etc/bind/named.conf.options doesn't work

2018-02-28 Thread Ing. Pedro Pablo Delgado Martell
Good morning, I'm trying to make it more difficult for an attacker to get my DNS server version. I have been following several posts about doing this and mostrly all of them suggest to modify the */etc/bind/named.conf.options* file and add the lines: options { version "Not available";