Fork me on GitHub
Its the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!


DNS version attempts & tools

There has been some DNS junk flying around again.. so refresh.

Dont forget how easy it is to do a DNS version attempt.

dig -c CH -t txt version.bind

Make sure your BIND/Named is obfuscated/disabled with custom message..

version "Generic DNS Server";

Not that it helps much with fpdns around.

anonymous@:~$ fpdns -D
fingerprint (, ISC BIND 8.3.0-RC1 -- 8.4.4
fingerprint (, ISC BIND 8.3.0-RC1 -- 8.4.4

Perl: (Fingerprint.PM)

Make sure your read basic DNS information like

Cisco's: DNS Best Practices, Network Protections, and Attack Identification

And understand the principles laid out in Secure BIND configurations such as:

Look into DNS Debug tools such as DNSwalk, dlint, & DOC

And for reverse lookups use where there is no PTR record try A record caches like:
Passive DNS Replication @

1 comment:

Benjamin said...

Indeed. Unless things have changed a DNS version attempt doesn't have a legitimate use, other than for probing. Seeing a DNS version attempt fire on an IDS is a pretty clear indicator you're being probed. Snort comes with sigs to catch both DNS version and author attempts.