Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

One or more nameservers responded to version queries

Discussion in 'Bind / DNS / Nameserver Issues' started by greektranslator, Dec 1, 2017.

  1. greektranslator

    Joined:
    Jun 5, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    I tested with this site DNS tools | Manage Monitor Analyze | DNSstuff and I get

    Nameserver software version
    One or more nameservers responded to version queries. This can be considered a breach of security. If a malicious person or program had access to a version-specific exploit for your DNS server, displaying the version info openly will make their attack much easier. This should be removed or obscured. The nameservers that responded to version queries are:


    I found these threads
    Nameserver software version
    How to disable BIND version querying??? help

    but I cannot find any "version" instance in /etc/named.conf
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,728
    Likes Received:
    78
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    If you have a remote server as Linux, you can use the dig tool to find the version:

    # dig @<DNS-Server-IP> version.bind


    ------------------------------- -------------------------------
    ; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> @<DNS-Server-IP> version.bind chaos TXT
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1865
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;version.bind. CH TXT

    ;; ANSWER SECTION:
    version.bind. 0 CH TXT "9.9.4-RedHat-9.9.4-51.el7"

    ;; AUTHORITY SECTION:
    version.bind. 0 CH NS version.bind.

    ;; Query time: 41 msec
    ;; SERVER: <DNS-Server-IP>#53(<DNS-Server-IP>)
    ;; WHEN: Fri Dec 01 15:03:39 UTC 2017
    ;; MSG SIZE rcvd: 93
    ------------------------------- -------------------------------
    version.bind will give you the version number..
     
  3. greektranslator

    Joined:
    Jun 5, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    I don't want to find it, I want to hide it.
     
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,635
    Likes Received:
    53
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Edit /etc/named.conf
    and add
    version "I don't Think so";
    after // query-source port 53;

    and restart bind
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,763
    Likes Received:
    1,710
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The previous post should help if you are using Bind. If you are using PowerDNS, see the following thread:

    Name Servers Versions

    Thank you.
     
Loading...

Share This Page