[Pdns-users] Configure pdns to not provide version information?
Mark Watts
m.watts at eris.qinetiq.com
Wed Dec 13 17:00:20 UTC 2006
> I'm just implementing PowerDNS and am very impressed by how straightforward
> it has been. I'm about to replace our old Bind servers with powerdns, and
> was testing a few things and noticed that PowerDNS tells other servers
> its version number. More specifically it says:
>
> Served by POWERDNS 2.9.20 $Id: packethandler.cc 539 2005-11-11 11:17:47Z
> ahu $
>
> Is there any way to disable or change this response without recompiling?
> I typically try to disable this kind of identifying information so that in
> the event of a vulnerability, it's not obvious that this server is
> vulnerable.
The config file for the recursor has "version-string=" set to a similar
string, I'd be surprised if you can't set that in the main pdns config.
As an aside, in the event of a vulnerability an automated script will fire the
exploit at your server whether it's running a DNS service or not.
CodeRed and Slammer did the same for IIS vulnerabilities.
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Public Key ID: 455420ED
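Added example, not part of the original thread or of PowerDNS: a small check an operator can run against their own server after changing version-string, to confirm what the version banner query now returns. It assumes the banner is served as a CHAOS-class TXT answer for version.bind; all function names are hypothetical and the sample replies are constructed, not captured traffic.

```python
import re
import socket
import struct

def build_version_query(txid=0x1234, name="version.bind"):
    """DNS query for <name>, QTYPE=TXT (16), QCLASS=CH (3)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 16, 3)

def skip_name(msg, off):  # offset just past a name; stops at a compression pointer
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_version_response(msg):
    """Return (rcode, [TXT strings]) from a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    texts, off = [], 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):   # TXT rdata: length-prefixed strings
            texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return flags & 0x000F, texts

def discloses_version(msg):
    """True if a successful answer carries something that looks like a version number."""
    rcode, texts = parse_version_response(msg)
    return rcode == 0 and any(re.search(r"\d+\.\d+", t) for t in texts)

def ask(server, port=53, timeout=3.0):  # query a server you operate over UDP
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (server, port))
        return s.recvfrom(4096)[0]

def constructed_response(text, rcode=0):
    """Constructed sample reply (not captured traffic); empty text means no answer."""
    rd = bytes([len(text)]) + text.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 3, 5, len(rd)) + rd if text else b""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8500 | rcode, 1, int(bool(text)), 0, 0)
    return hdr + build_version_query()[12:] + answer
```

Run discloses_version(ask("<your server address>")) before and after the config change; a False result means the reply no longer carries a version-like string.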