Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums Sentora Forum Archives Sentora Public Support Forums v1.0.x DNS Support v1.0.x v Hide DNS Software Version on Sentora 1.0.3

Hide DNS Software Version on Sentora 1.0.3
wormsunited Offline
Sentora Member
*
OS: Centos 7 Minimal
Version: 1.0.3
Server: Dedicated
Posts: 143
Threads: 25
Joined: Aug 2014
Reputation: 4
Sex: Male
Thanks: 46
Given 14 thank(s) in 10 post(s)
#1
Hide DNS Software Version on Sentora 1.0.3
 10-24-2017, 10:52 AM (This post was last modified: 10-24-2017, 10:53 AM by wormsunited.)
Hi there,

It seems i am not able to Hide the Hide DNS Software Version in Sentora using named.conf on Bind. I added successfully the entry's as follows:

PHP Code:
// /etc/named.conf
options {
  // Hide bind version
  version "unknown";
}; 

Then i restarted the service:

PHP Code:
service named restart 


All was ok i checked the version too using this code:

PHP Code:
dig +short @ns1.example.com version.bind txt chaos 

In this case i got a return value of "unknown", problem is that it does not hide it. Now, this is a security problem since a new vulnerability maybe can be found in DNS software and script kiddies are scanning the Internet to exploit unpatched systems.

It's a best practice to hide software version on your DNS servers, although this is not a real protection it just makes a little harder to find your servers via scanning.

Any ideas why this is not working?
Thanks in advance
'' Life is full of important choices ''
Help Sentora Donate now => http://sentora.org/donate Blush
Find
Reply
Thanks given by:
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,668
Threads: 241
Joined: May 2014
Reputation: 85
Sex: Male
Thanks: 408
Given 600 thank(s) in 465 post(s)
#2
RE: Hide DNS Software Version on Sentora 1.0.3
 10-24-2017, 12:35 PM
I haven't tried it yet, but will look into it this week.
Just tried the dig command and mine already says 'Hidden' Rolleyes
After more investigation, it does not seem possible to hide it 100%

After the suggested changes above, they all end with something like: "As usual, you can use fpdns to find out version number."
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by: wormsunited
wormsunited Offline
Sentora Member
*
OS: Centos 7 Minimal
Version: 1.0.3
Server: Dedicated
Posts: 143
Threads: 25
Joined: Aug 2014
Reputation: 4
Sex: Male
Thanks: 46
Given 14 thank(s) in 10 post(s)
#3
RE: Hide DNS Software Version on Sentora 1.0.3
 10-24-2017, 01:20 PM
Hi there i managed to do it under some of my servers, but for some reason that i cannot explain it does not work with fresh Sentora Installations. I mean i did made it for some of them, but on some others i could not.

My guess... I think the issue also depends on our registrar provider since i am using 2 companies, Godaddy and Name. At Godaddy i have the versions hidden, but on Name i do not. Maybe a request for the registrar can fix this issue? I will make a few more checks on this matter too and i will keep you all posted very soon.

Although the code is correct and the steps too.

Code:
Notice:

There is 2 files at Sentora that needs to be changed, not just one. the named.conf exists in two
places, so its a good idea to modify both.

Blush
'' Life is full of important choices ''
Help Sentora Donate now => http://sentora.org/donate Blush
Find
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Cloudflare issue with sentora testing 3 11 ,853 11-21-2017, 07:35 PM
Last Post: Me.B
Sentora Subdomain Installl sathish2009 2 7 ,822 04-03-2017, 11:50 AM
Last Post: sathish2009
Unable to delete wrongly spelled domain in Sentora asnair 1 6 ,239 02-06-2017, 03:43 AM
Last Post: Me.B

Forum Jump:


Users browsing this thread: 1 Guest(s)