[18898] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (buglist@SHIKAHR.COM.INTER.NET)
Tue Jan 30 21:43:47 2001
Message-Id: <E14Nlqm-000LUd-00@tuvela.shikahr.com.inter.net>
Date: Tue, 30 Jan 2001 19:14:20 -0600
Reply-To: buglist@SHIKAHR.COM.INTER.NET
From: buglist@SHIKAHR.COM.INTER.NET
To: BUGTRAQ@SECURITYFOCUS.COM
In message <5.0.2.1.2.20010129125423.00a7f990@127.0.0.01>
Max Vision writes:
> The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
> chaos record called "authors".
[ snip ]
> % dig @ns.example.com authors.bind chaos txt
I've been playing some with BIND 9.1.0, and have found that queries
like this can be suppressed using the new "view" capability. I now
have the following in my named.conf:
    view "external-chaos" chaos {
        match-clients { any; };
        recursion no;
        zone "." {
            type hint;
            file "/dev/null";
        };
    };
and a similar entry for hesiod records. Queries then against either
chaos or hesiod records will come back as "servfail".
Alternatively, creating your own "bind." domain with CH, rather than
IN, records for SOA and TXT data will override hardcoded values. I've
also got a "bind." domain that has this record:
version.bind. 0 ch txt "Who knows"
so that if I don't use a "view" to block chaos records, then at least
I give out only information that I want to give out.
--
Randall Raemon
shikahr.com.inter.net, email to rlr
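As an added example (not part of Randall's post), the script below writes out both of the configurations he describes: the CHAOS and HESIOD class views whose only zone is an empty root hint, and the alternative class-CH "bind." zone that overrides the built-in version.bind and authors.bind records. It then syntax-checks the result with named-checkconf and named-checkzone when those BIND tools happen to be installed. The output directory, the zone file name db.bind.ch, the SOA values and the "internal" IN view are placeholders, and the dig commands in the trailing comments assume a server reachable as ns.example.com, as in the quoted message.

```shell
#!/bin/sh
# Added example, not from the original post: materialise the two named.conf
# approaches described on the list into a directory and syntax-check them.
# Paths, the zone file name and the SOA values are placeholders.
set -eu

# Writes named.conf and the class-CH zone file into "$1".
# Approach 1 (enabled): one view per non-IN class with an empty root hint,
#   so every CH or HS query is answered with SERVFAIL.
# Approach 2 (commented out): an authoritative "bind." zone in class CH
#   whose TXT records replace the built-in ones.  Only the first chaos view
#   whose match-clients matches is consulted, so enable one or the other.
write_bind_chaos_config() {
    dir="$1"
    cat > "$dir/named.conf" <<'EOF'
// Approach 1: swallow all CHAOS and HESIOD class queries.
view "external-chaos" chaos {
    match-clients { any; };
    recursion no;
    zone "." {
        type hint;
        file "/dev/null";
    };
};

view "external-hesiod" hesiod {
    match-clients { any; };
    recursion no;
    zone "." {
        type hint;
        file "/dev/null";
    };
};

// Approach 2: serve our own "bind." zone in class CH.  Remove the
// "external-chaos" view above before enabling this one.
// view "chaos-override" chaos {
//     match-clients { any; };
//     recursion no;
//     zone "bind" {
//         type master;
//         file "db.bind.ch";
//     };
// };

// Once any view is defined, ordinary IN-class zones must live in a view too
// (placeholder; the real IN zones go here).
view "internal" in {
    match-clients { any; };
};
EOF

    cat > "$dir/db.bind.ch" <<'EOF'
; Class CH zone "bind." used by approach 2 (placeholder SOA values).
$TTL 0
$ORIGIN bind.
@        CH  SOA  localhost. root.localhost. ( 1 3600 900 604800 0 )
@        CH  NS   localhost.
version  CH  TXT  "Who knows"
authors  CH  TXT  "Who knows"
EOF
}

# Syntax-checks the files in "$1" when the BIND utilities are available.
check_bind_chaos_config() {
    dir="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -c CH bind "$dir/db.bind.ch"
    fi
}

CONFDIR="${CONFDIR:-$(mktemp -d)}"
write_bind_chaos_config "$CONFDIR"
check_bind_chaos_config "$CONFDIR"
echo "configuration written to $CONFDIR"

# After installing the files and reloading named, verify from a client:
#   dig @ns.example.com authors.bind chaos txt          # approach 1: status SERVFAIL
#   dig @ns.example.com version.bind chaos txt +short   # approach 2: "Who knows"
```

Set CONFDIR to an existing directory to write the files there instead of a temporary one; the dig checks at the end are the same queries Max Vision's message used, run against the reconfigured server to confirm the built-in records are no longer reachable.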