How do I change the version that BIND reports when queried for version.bind?
  • 08 Jan 2021
  • 1 Minute To Read
  • Contributors
  • Print
  • Share
  • Dark
    Light

How do I change the version that BIND reports when queried for version.bind?

  • Print
  • Share
  • Dark
    Light

BIND servers respond to queries for name version.bind with record type TXT and class CHAOS. By default, this is set to the version of BIND that has been installed.

dig @127.0.0.1 version.bind chaos txt

; <<>> DiG 9.11.0 <<>> @127.0.0.1 version.bind chaos txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22214
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.            CH    TXT

;; ANSWER SECTION:
version.bind.        0    CH    TXT    "9.11.0"

;; AUTHORITY SECTION:
version.bind.        0    CH    NS    version.bind.

;; Query time: 160 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 15 15:07:34 2017
;; MSG SIZE  rcvd: 63

Sometimes it is desirable not to reveal the version of BIND that is running on the server. The default version can be changed using the version option in the options statement in named.conf. For example:

version "BIND 9";

To disable version reporting entirely:

version none;

It is also possible to deny or rate-limit access version.bind and other built-in chaos records by re-defining the built-in chaos zones version.bind, hostname.bind, authors.bind, and id.server in a new chaos view:

view "override_bind" chaos { 
        
           # Prevent use of this zone in DNS amplified reflection DoS attacks
           rate-limit {
                responses-per-second 3;
                slip 0;
                min-table-size 10;
           };
           
           zone "version.bind" chaos {
                type master;
                database "_builtin version";
           };

           zone "hostname.bind" chaos {
                type master;
                database "_builtin hostname";
           };

           zone "authors.bind" chaos {
                type master;
                database "_builtin authors";
           };

           zone "id.server" chaos {
                type master;
                database "_builtin id";
           };
        };

The full configuration of the built-in "_bind" view can be seen in bin/named/config.c.