By default, the BIND DNS server reveals its version to anyone who queries for it. Security-minded admins may want to hide the BIND banner. I’ll show you how!
Grab BIND banner
It is possible to use dig, host, nslookup or whatever your favorite DNS tool may be to query the BIND banner. I like the host command so here is how it works with host:
$ host -c chaos -t txt version.bind ns1.example.com
Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases:

version.bind descriptive text "9.3.6-P1-RedHat-9.3.6-20.P1.el5"
Disable BIND banner
To change this banner, edit named.conf and put in whatever version indication you wish. Example:
$ sudo nano /etc/named.conf
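Add this in (if named.conf already has an options block, put the version line inside it, since BIND allows only one options statement):
options {
    version "none";
};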
Restart BIND, and now your DNS server will reflect:
$ host -c chaos -t txt version.bind ns1.example.com
Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases:

version.bind descriptive text "none"
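To confirm the change on every name server you run, the check below parses host output in the format shown above and reports whether the banner still contains a version number. It is an added example, not part of the original post; the function names, the dotted-number heuristic and the LEAK/HIDDEN/NOANSWER labels are assumptions.

```shell
#!/bin/sh
# Added example: audit your own name servers for a version-revealing banner.

# Sample inputs, copied from the host output shown in this post.
SAMPLE_BEFORE='Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases:

version.bind descriptive text "9.3.6-P1-RedHat-9.3.6-20.P1.el5"'
SAMPLE_AFTER='Using domain server:
Name: ns1.example.com
Address: 192.168.1.1#53
Aliases:

version.bind descriptive text "none"'

# Classify raw host output ($1). Prints one of:
#   NOANSWER - no TXT answer for version.bind (refused, timed out, ...)
#   LEAK     - banner contains a dotted number such as 9.3.6 (heuristic)
#   HIDDEN   - banner present but carries no dotted version number
audit_output() {
    pattern='^version\.bind.*descriptive text "'
    if ! printf '%s\n' "$1" | grep -q "$pattern"; then
        echo NOANSWER
        return 0
    fi
    banner=$(printf '%s\n' "$1" |
        sed -n 's/^version\.bind.*descriptive text "\(.*\)"$/\1/p' | head -n 1)
    if printf '%s' "$banner" | grep -Eq '[0-9]+\.[0-9]+'; then
        echo LEAK
    else
        echo HIDDEN
    fi
}

# Query one name server ($1) and print "server<TAB>result".
audit_server() {
    out=$(host -W 3 -c chaos -t txt version.bind "$1" 2>/dev/null)
    printf '%s\t%s\n' "$1" "$(audit_output "$out")"
}

# Usage: sh check-banner.sh ns1.example.com ns2.example.com
for ns in "$@"; do
    audit_server "$ns"
done
```

Run it after restarting BIND; any server still reported as LEAK is serving the old configuration or has no version line in its options block.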