Security
禁用綁定 9.3.6 主機名洩露
我已經綁定了 9.3.6。
如何禁用主機名洩露?
問題連結http://www.iss.net/security_center/reference/vuln/bind-hostname-disclosure.htm
謝謝。
您可以通過以下方式隱藏主機名和版本:
# /etc/named.conf options { // hide bind info hostname "unknown"; version "unknown"; }
主機名查詢範例:
[vitalie@silver ~]$ dig @ns1.kappa.ro hostname.bind chaos txt ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> @ns1.kappa.ro hostname.bind chaos txt ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46430 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;hostname.bind. CH TXT ;; ANSWER SECTION: hostname.bind. 0 CH TXT "linux.kappa.ro" ;; AUTHORITY SECTION: hostname.bind. 0 CH NS hostname.bind. ;; Query time: 6 msec ;; SERVER: 194.102.255.3#53(194.102.255.3) ;; WHEN: Wed Jan 5 15:08:14 2011 ;; MSG SIZE rcvd: 72