Security

禁用綁定 9.3.6 主機名洩露

  • November 5, 2015

我已經綁定了 9.3.6。

如何禁用主機名洩露?

問題連結http://www.iss.net/security_center/reference/vuln/bind-hostname-disclosure.htm

謝謝。

您可以通過以下方式隱藏主機名版本

# /etc/named.conf
options {
   // hide bind info
   hostname "unknown";
   version "unknown";
}

主機名查詢範例:

[vitalie@silver ~]$ dig @ns1.kappa.ro hostname.bind chaos txt

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @ns1.kappa.ro hostname.bind chaos txt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46430
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;hostname.bind.                 CH      TXT

;; ANSWER SECTION:
hostname.bind.          0       CH      TXT     "linux.kappa.ro"

;; AUTHORITY SECTION:
hostname.bind.          0       CH      NS      hostname.bind.

;; Query time: 6 msec
;; SERVER: 194.102.255.3#53(194.102.255.3)
;; WHEN: Wed Jan  5 15:08:14 2011
;; MSG SIZE  rcvd: 72

引用自:https://serverfault.com/questions/215724