[Pdns-users] Configure pdns to not provide version information?

Mark Watts m.watts at eris.qinetiq.com
Wed Dec 13 17:00:20 UTC 2006

> I'm just implementing PowerDNS and am very impressed by how straightforward
> it has been.  I'm about to replace our old Bind servers with powerdns, and
> was testing a few things and noticed that PowerDNS tells other servers
> its version number.  More specifically it says:
> Served by POWERDNS 2.9.20 $Id: packethandler.cc 539 2005-11-11 11:17:47Z
> ahu $
> Is there any way to disable or change this response without recompiling?
> I typically try to disable this kind of identifying information so that in
> the event of a vulnerability, it's not obvious that this server is
> vulnerable.

The config file for the recursor has "version-string=" set to a similar 
string; I'd be surprised if you can't set that in the main pdns config.

As an aside, in the event of a vulnerability an automated script will fire the 
exploit at your server whether it's running a DNS service or not.
CodeRed and Slammer did the same for IIS vulnerabilities.


Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Public Key ID: 455420ED
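
An added example, not part of the original post and not PowerDNS code: one way to check, after changing the setting, which banner your own server still returns. It assumes the banner is served in answer to a CHAOS-class TXT query for `version.bind` (the post does not say this); all function names are hypothetical and the sample reply is constructed.

```python
import re
import socket
import struct

TYPE_TXT, CLASS_CH = 16, 3  # TXT record type, CHAOS class

def build_query(qname="version.bind", txid=0x1234):
    """DNS query for <qname> CH TXT (the qname is an assumption, not from the post)."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_reply(msg):
    """Return (rcode, [TXT strings]) from a DNS reply."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4   # skip QTYPE and QCLASS
    texts = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        while rtype == TYPE_TXT and rdata:   # TXT rdata: length-prefixed strings
            texts.append(rdata[1:1 + rdata[0]].decode("ascii", "replace"))
            rdata = rdata[1 + rdata[0]:]
    return flags & 0x000F, texts

def leaks_version(texts):
    return any(re.search(r"\d+\.\d+", t) for t in texts)  # x.y-shaped number

def check_server(addr, timeout=3.0):
    """Ask your own server over UDP; returns (rcode, [TXT strings])."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (addr, 53))
        return parse_reply(s.recv(4096))

def constructed_reply(text):
    """Constructed sample reply carrying one TXT string (offline test input)."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 5, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:] + answer
```

Run `check_server()` against your own server's address before and after the change and pass the returned strings to `leaks_version()`.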
