What version of bind are you running?
If you are running a name server, chances are it’s bind (Berkeley Internet Name Domain) which implements the Domain Name System (DNS) protocols. Normally, the executable is called named. For more information on bind, see the bind home page at http://www.isc.org/products/BIND/.I found this little gem whilst idling in undernet’s #freebsd IRC channel. It’s a quick way of finding out what version of bind you are running without having to restart bind.
$ nslookup -q=txt -class=CHAOS version.bind. 0 Server: ducky.nz.freebsd.org Address: 0.0.0.0 VERSION.BIND text = "8.2.2-P5"
Other bind gems (added on 4 April 2000)
Dan Harnett wrote in with this information. Thanks for sharing.dig can also be used to determine the version of bind.
$ dig @ducky.nz.freebsd.org version.bind chaos txt
; <<>> DiG 8.2 <<>> @ducky.nz.freebsd.org version.bind chaos txt
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS
;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.2.2-P5"
;; Total query time: 325 msec
;; FROM: mail.wzrd.com to SERVER: ducky.nz.freebsd.org
203.79.82.27
;; WHEN: Mon Apr 3 09:25:51 2000
;; MSG SIZE sent: 30 rcvd: 63
Also, with recent versions of bind, the following is possible:
$ named -v
named 8.2.2-P5-NOESW Mon Jan 24 13:43:58 EST 2000
danh@noc.wzrd.com:/usr/obj/usr/src/usr.sbin/named
[Ed. note: sometimes named is not in the path, such as on my box, and you have to specify /usr/local/sbin/named.]
If you wish to hide what version is given in reply, just edit /usr/src/contrib/bind/Version and recompile from /usr/src/usr.sbin/named. Here is an example of what you can do:
$ dig @ns.wzrd.com version.bind chaos txt
; <<>> DiG 8.2 <<>> @ns.wzrd.com version.bind chaos txt
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0,
ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS
;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "Wizard Communication Systems"
;; Total query time: 1 msec
;; FROM: mail.wzrd.com to SERVER: ns.wzrd.com 206.99.165.2
;; WHEN: Mon Apr 3 09:26:21 2000
;; MSG SIZE sent: 30 rcvd: 83
Tell bind what version it is (added on 6 April 2000)
Renato Murilo Langona wrote in to mention this very nice solution:Another way to hide your BIND version is putting the:
version "anything";in the options section of your named.conf. Better than recompiling it
options { directory "/var/named"; version "[Secured]"; };
Restrict access to the version command (added on 6 April 2000)
Henk Wevers wote about using ACL to control who can get the version:You can do also in /etc/named.conf:
acl "trusted" { {127.0.0/8; }; }; zone "bind" chaos { type master; file "/var/named/bind"; allow-query { trusted; }; allow-transfer { none; }; };Then create this file in /var/named/bind:
TTL 1D $ORIGIN bind. @ 1D CHAOS SOA localhost. root.localhost. ( 1 3H 1H 1W 1D ) CHAOS NS localhost.This will disallow any query on version except from local host.
Listing the zone files (added on 20 May 2000)
Alex Root wrote in to say this:I dont know if this has anything to do with "bind" itself. but when you type nslookup then type: ls -d domain.com it will show you the zone file for that domain. I’m not sure but I ‘think’ this only works if the domain is hosted on your nameserver. If it’s not, you can type : server ns.of-domain.com then ls -d domain.com and it should show you the zone files. Try it out