We cannot avoid mentioning that BIND allows you to hide (and replace) its version number with an arbitrary string. Although we do not advocate security through obscurity, and this should not be taken as a reliable way of preventing version fingerprinting (which is possible using other means), hiding the version number is a small setting that's worth mentioning.

options {

Here's an example of version querying after changing the setting:

; <<>\> DiG 9.3.0 <<>\> @ version.bind chaos txt ;; global options: printcmd ;; Got answer:

;; ->\>HEADER<<- opcode: QUERY, status: NOERROR, id: 192 9

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0


;version.bind. CH TXT



version.bind. 0 CH NS version.bind.

;; SERVER: 14 ;; WHEN: Sat Nov 4 17:59:10 2006 ;; MSG SIZE rcvd: 60

