Vulnerability Development mailing list archives
Re: DNS Version check.
From: "Nexus" <nexus () patrol i-way co uk>
Date: Thu, 6 Jun 2002 11:20:57 +0100
If you are using perl then Net::DNS by Mike Fuhr
http://www.fuhr.org/~mfuhr/perldns/ is the way to go and use something
similar to:

$packet = $res->query("version.bind","TXT","CH");

As has been said, this string can be changed from the default, or even its
request can be refused.

That said, you can also query servers for "authors.bind" to possibly
fingerprint BIND versions of 9.x.x - this is a CH class TXT record again -
don't think there is a way to query for the version string without using the
CH class.

For completeness, as folks have mentioned doing this with dig, you can do it
with nslookup as well, both as a one-liner and interactively:

[nexus@wulfgar nexus]$ nslookup -q=txt -class=chaos version.bind 192.168.1.1
Server:  ns1.example.com
Address:  192.168.1.1

VERSION.BIND    text = "8.2.3-REL-NOESW"

[nexus@wulfgar nexus]$ nslookup
Default Server:  ns1.example.com
Address:  192.168.1.1

set class=chaos
set type=txt
version.bind
Server:  ns1.example.com
Address:  192.168.1.1

VERSION.BIND    text = "8.2.3-REL-NOESW"

exit
[nexus@wulfgar nexus]$

FWIW, there are other ways to fingerprint DNS servers even when the string is
not present by looking at the RCODE reply from the server.
For example, an RCODE reply of 4, "Not Implemented" is consistent with the MS
DNS servers, RCODE of 1, "Format String Error" is consistent with Dan
Bernstein's DJBDNS/TinyDNS and a reply of 2, "Internal Server Error" was found
to be the response from Novell BorderManager.
Other ways of doing this are WIP atm ;-)

Cheers.

----- Original Message -----
From: "Vjay LaRosa" <vjayl () emc com>
To: <vuln-dev () securityfocus com>
Sent: Wednesday, June 05, 2002 10:59 PM
Subject: DNS Version check.

Hello,

Does anyone know if it is possible to request the version of bind a
server is running? I would like to write a quick perl script to scan my
network to check all of the versions.

Thanks!
vjl

--
V.Jay LaRosa                EMC Corporation
Systems Administrator       171 South Street
(508)435-1000 ext 14957     Hopkinton, MA 01748
(508)497-8082 fax           www.emc.com
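
A minimal version inventory along the lines discussed in this message, added here as an example; it is not code from the original post or from the Net::DNS distribution. It assumes Net::DNS is installed and that the servers named on the command line are ones you operate; the helper names summarise and check_server and the timeout values are illustrative, and the two sample replies are constructed.

```perl
#!/usr/bin/perl
# Added example: record what your own nameservers answer to version.bind.
use strict;
use warnings;
use Net::DNS;

# Turn one reply packet (undef on timeout) into a one-line summary: the TXT
# string if there is one, otherwise the RCODE mnemonic.
sub summarise {
    my ($reply, $err) = @_;
    return 'no reply (' . ($err // 'unknown error') . ')' unless $reply;
    my @txt = map { scalar $_->txtdata }
              grep { $_->type eq 'TXT' } $reply->answer;
    return 'version "' . join('", "', @txt) . '"' if @txt;
    return 'no version string, rcode ' . $reply->header->rcode;
}

# Ask one server directly, without recursion.
sub check_server {
    my ($server) = @_;
    my $res = Net::DNS::Resolver->new(
        nameservers => [$server],
        recurse     => 0,
        udp_timeout => 3,    # assumed values, tune for your network
        retry       => 1,
    );
    # send() hands back the packet even when the answer section is empty,
    # so a refusal still shows its RCODE; query() returns undef there.
    my $reply = $res->send('version.bind', 'TXT', 'CH');
    return summarise($reply, $res->errorstring);
}

if (@ARGV) {
    printf "%-20s %s\n", $_, check_server($_) for @ARGV;
}
else {
    # No servers given: run on two constructed replies, no network needed.
    my $ok = Net::DNS::Packet->new('version.bind', 'TXT', 'CH');
    $ok->push(answer =>
        Net::DNS::RR->new('version.bind. 0 CH TXT "8.2.3-REL-NOESW"'));
    my $refused = Net::DNS::Packet->new('version.bind', 'TXT', 'CH');
    $refused->header->rcode('REFUSED');
    printf "%-20s %s\n", 'sample (answered)', summarise($ok);
    printf "%-20s %s\n", 'sample (refused)',  summarise($refused);
}
```

Run with server addresses as arguments to query them, or with no arguments to see the output format on the constructed replies.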