---
title: "How do I change the version that BIND reports when queried?"
slug: "aa-00359"
description: "BIND servers respond to queries for name version.bind with record type TXT and class CHAOS. By default this is set to the version of BIND that has been installed."
tags: ["version.bind", "security"]
updated: 2021-05-25T20:34:11Z
published: 2021-05-25T20:34:11Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.isc.org/llms.txt
> Use this file to discover all available pages before exploring further.

# How do I change the version that BIND reports when queried for version.bind?

BIND servers respond to queries for name `version.bind` with record type **TXT** and class **CHAOS**. By default, this is set to the version of BIND that has been installed.

```
dig @127.0.0.1 version.bind chaos txt

; <<>> DiG 9.11.0 <<>> @127.0.0.1 version.bind chaos txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22214
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;version.bind.            CH    TXT

;; ANSWER SECTION:
version.bind.        0    CH    TXT    "9.11.0"

;; AUTHORITY SECTION:
version.bind.        0    CH    NS    version.bind.

;; Query time: 160 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 15 15:07:34 2017
;; MSG SIZE  rcvd: 63
```

Sometimes it is desirable not to reveal the version of BIND that is running on the server. The default version can be changed using the **version** option in the **options** statement in **named.conf**. For example:

```
version "BIND 9";
```

To disable version reporting entirely:

```
version none;
```

It is also possible to deny or rate-limit access `version.bind` and other built-in chaos records by re-defining the built-in chaos zones `version.bind`, `hostname.bind`, `authors.bind`, and `id.server` in a new chaos view:

```
view "override_bind" chaos { 
        
           # Prevent use of this zone in DNS amplified reflection DoS attacks
           rate-limit {
                responses-per-second 3;
                slip 0;
                min-table-size 10;
           };
           
           zone "version.bind" chaos {
                type primary;
                database "_builtin version";
           };

           zone "hostname.bind" chaos {
                type primary;
                database "_builtin hostname";
           };

           zone "authors.bind" chaos {
                type primary;
                database "_builtin authors";
           };

           zone "id.server" chaos {
                type primary;
                database "_builtin id";
           };
        };
```

The full configuration of the built-in "_bind" view can be seen in bin/named/config.c.