The FreeBSD Diary

Providing practical examples since 1998

What version of bind are you running? 3 April 2000
If you are running a name server, chances are it's bind (Berkeley Internet Name Domain), which implements the Domain Name System (DNS) protocols.  Normally, the executable is called named.  For more information on bind, see the bind home page at http://www.isc.org/products/BIND/.

I found this little gem whilst idling in undernet's #freebsd IRC channel.  It's a quick way of finding out what version of bind you are running without having to restart bind.

$ nslookup -q=txt -class=CHAOS version.bind. 0
Server: ducky.nz.freebsd.org
Address: 0.0.0.0 
VERSION.BIND text = "8.2.2-P5"

Other bind gems 4 April 2000
Dan Harnett wrote in with this information.  Thanks for sharing.

dig can also be used to determine the version of bind.

$ dig @ducky.nz.freebsd.org version.bind chaos txt

; <<>> DiG 8.2 <<>> @ducky.nz.freebsd.org version.bind chaos txt 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, 
                                                   ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.2.2-P5"

;; Total query time: 325 msec
;; FROM: mail.wzrd.com to SERVER: ducky.nz.freebsd.org 
                                                   203.79.82.27
;; WHEN: Mon Apr 3 09:25:51 2000
;; MSG SIZE sent: 30 rcvd: 63

Also, with recent versions of bind, the following is possible:

$ named -v
named 8.2.2-P5-NOESW Mon Jan 24 13:43:58 EST 2000
        danh@noc.wzrd.com:/usr/obj/usr/src/usr.sbin/named    

[Ed. note: sometimes named is not in the path, such as on my box, and you have to specify /usr/local/sbin/named.]

If you wish to hide what version is given in reply, just edit /usr/src/contrib/bind/Version and recompile from /usr/src/usr.sbin/named.  Here is an example of what you can do:

$ dig @ns.wzrd.com version.bind chaos txt

; <<>> DiG 8.2 <<>> @ns.wzrd.com version.bind chaos txt 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, 
                                                  ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "Wizard Communication Systems"

;; Total query time: 1 msec
;; FROM: mail.wzrd.com to SERVER: ns.wzrd.com 206.99.165.2
;; WHEN: Mon Apr 3 09:26:21 2000
;; MSG SIZE sent: 30 rcvd: 83    

Tell bind what version it is 6 April 2000
Renato Murilo Langona wrote in to mention this very nice solution:

Another way to hide your BIND version is to put:

version "anything";

in the options section of your named.conf.  Better than recompiling it.

options {
        directory "/var/named";
        version "[Secured]";
};

Restrict access to the version command 6 April 2000
Henk Wevers wrote about using an ACL to control who can get the version:

You can also do this in /etc/named.conf:

acl "trusted" { 127.0.0.0/8; };

zone "bind" chaos {
        type master;
        file "/var/named/bind";
        allow-query { trusted; };
        allow-transfer { none; };
};

Then create this file in /var/named/bind:

$TTL 1D
$ORIGIN bind.
@	1D  CHAOS SOA	localhost. 	root.localhost. (
			1
			3H
			1H
			1W
			1D  )
	CHAOS  NS	localhost.

This will disallow any query on version except from local host.
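
An added example, not part of the original article or of bind: an offline Python check you can adapt to audit your own name servers for the version.bind disclosure discussed above. It builds the CHAOS-class TXT query, parses a reply, and flags banners that look like a release number. The function names, the digits.digits heuristic and the reply bytes are assumptions constructed for illustration; the constructed replies use an uncompressed answer name, which reproduces the "MSG SIZE sent: 30 rcvd: 63" (and 83 for the company-name banner) shown in the dig output.

```python
import re
import struct

CLASS_CHAOS, TYPE_TXT = 3, 16  # DNS class CH and record type TXT

def encode_name(name):
    """Length-prefixed labels ending in a zero byte (no compression)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qid=6):
    """Wire form of the question: version.bind, class CHAOS, type TXT."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name("version.bind") + struct.pack(">HH", TYPE_TXT, CLASS_CHAOS)

def skip_name(msg, pos):
    """Return the offset just past the name at pos (plain labels or a pointer)."""
    while True:
        n = msg[pos]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + n
        if n == 0:
            return pos

def parse_txt_answer(msg):
    """First TXT string of the first answer, or None if the server gave none."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F or an == 0:  # non-zero RCODE (e.g. REFUSED) or no answer
        return None
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # name, then QTYPE and QCLASS
    pos = skip_name(msg, pos)
    rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
    if rtype != TYPE_TXT or rdlen == 0:
        return None
    start = pos + 11  # skip the fixed RR fields and the string's length byte
    return msg[start:start + msg[pos + 10]].decode("ascii", "replace")

def discloses_version(banner):
    """Heuristic (assumption): digits.digits looks like a release number."""
    return bool(banner and re.search(r"\d+\.\d+", banner))

def constructed_response(banner, qid=6):
    """Constructed sample reply: question echoed, one TXT answer, name uncompressed."""
    header = struct.pack(">HHHHHH", qid, 0x8580, 1, 1, 0, 0)  # qr aa rd ra, NOERROR
    rdata = bytes([len(banner)]) + banner.encode("ascii")
    rr = encode_name("version.bind") + struct.pack(">HHIH", TYPE_TXT, CLASS_CHAOS, 0, len(rdata))
    return header + build_query(qid)[12:] + rr + rdata
```

To run it against a live server you administer, send build_query() over UDP port 53 and pass the reply to parse_txt_answer(); a None result or a banner that fails discloses_version() means the version is not being given out.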

Listing the zone files 20 May 2000
Alex Root wrote in to say this:

I don't know if this has anything to do with "bind" itself, but when you type nslookup then type: ls -d domain.com it will show you the zone file for that domain.  I'm not sure but I 'think' this only works if the domain is hosted on your nameserver.  If it's not, you can type: server ns.of-domain.com then ls -d domain.com and it should show you the zone files.  Try it out.

