![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
gdtYou can ask the version of BIND with a command
$ dig +norecurse @ns1.aarnet.net.au ch txt version.bind
Of course not everyone is keen on that information leakage. So BIND has a version command which allows you to give arbitrary text. You often see configurations like
options {
version "Some all-too-long text trying all-too-hard to be funny";
};Please don't do this. All you are doing is sending a longer packet than you received in response to a connectionless unauthenticated request. Can you say "handy for use in a traffic multiplier attack?"
Instead simply return a REFUSED for the zone. This is the same size as the request.
Set up a zone ...
TTL 1D $ORIGIN bind. @ 1D CHAOS SOA localhost. root.localhost. ( 1 3H 1H 1W 1D ) CHAOS NS localhost.
... and then prohibit access to it:
zone "bind" chaos {
type master;
file ".../bind";
allow-query {
none;
};
allow-transfer {
none;
};
};