Bugtraq mailing list archives

Re: fingerprinting BIND 9.1.0

From: buglist () SHIKAHR COM INTER NET
Date: Tue, 30 Jan 2001 19:14:20 -0600

In message <5.0.2.1.2.20010129125423.00a7f990@127.0.0.01>
Max Vision writes:

The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
chaos record called "authors".


   [ snip ]

% dig @ns.example.com authors.bind chaos txt


I've been playing some with BIND 9.1.0, and have found that queries
like this can be suppressed using the new "view" capability. I now
have in my named.conf, the following:

   view "external-chaos" chaos {
        match-clients { any; };
        recursion no;
        zone "." {
                type hint ;
                file "/dev/null";
                };
        };

and a similar entry for hesiod records. Queries then against either
chaos or hesiod records will come back as "servfail".

Alternatively, creating your own "bind." domain with CH, rather than
IN, records for SOA and TXT data will override hardcoded values. I've
also got a "bind." domain that has this record:

   version.bind.    0    ch   txt     "Who knows"

so that if I don't use a "view" to block chaos records, then at least
I give out only information that I want to give out.

--
Randall Raemon
shikahr.com.inter.net, email to rlr

Current thread:

fingerprinting BIND 9.1.0 Max Vision (Jan 30)
- Re: fingerprinting BIND 9.1.0 Eric Limpens (Jan 30)
- <Possible follow-ups>
- Re: fingerprinting BIND 9.1.0 buglist (Jan 30)
  - Re: fingerprinting BIND 9.1.0 William D. Colburn (aka Schlake) (Jan 31)
    - Re: fingerprinting BIND 9.1.0 Lucas Holt (Jan 31)