The FreeBSD Diary

I found this little gem whilst idling in undernet's #freebsd IRC channel.  It's a quick way of finding out what version of bind you are running without having to restart bind.

$ nslookup -q=txt -class=CHAOS version.bind. 0
Server: ducky.nz.freebsd.org
Address: 0.0.0.0 
VERSION.BIND text = "8.2.2-P5"

dig can also be used to determine the version of bind.

$ dig @ducky.nz.freebsd.org version.bind chaos txt

; <<>> DiG 8.2 <<>> @ducky.nz.freebsd.org version.bind chaos txt 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, 
                                                   ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "8.2.2-P5"

;; Total query time: 325 msec
;; FROM: mail.wzrd.com to SERVER: ducky.nz.freebsd.org 
                                                   203.79.82.27
;; WHEN: Mon Apr 3 09:25:51 2000
;; MSG SIZE sent: 30 rcvd: 63

Also, with recent versions of bind, the following is possible:

$ named -v
named 8.2.2-P5-NOESW Mon Jan 24 13:43:58 EST 2000
        danh@noc.wzrd.com:/usr/obj/usr/src/usr.sbin/named    

[Ed. note: sometimes named is not in the path, such as on my box, and you have to specify /usr/local/sbin/named.]

If you wish to hide what version is given in reply, just edit /usr/src/contrib/bind/Version and recompile from /usr/src/usr.sbin/named.  Here is an example of what you can do:

$ dig @ns.wzrd.com version.bind chaos txt

; <<>> DiG 8.2 <<>> @ns.wzrd.com version.bind chaos txt 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, 
                                                  ADDITIONAL: 0
;; QUERY SECTION:
;; version.bind, type = TXT, class = CHAOS

;; ANSWER SECTION:
VERSION.BIND. 0S CHAOS TXT "Wizard Communication Systems"

;; Total query time: 1 msec
;; FROM: mail.wzrd.com to SERVER: ns.wzrd.com 206.99.165.2
;; WHEN: Mon Apr 3 09:26:21 2000
;; MSG SIZE sent: 30 rcvd: 83    

Another way to hide your BIND version is putting the:

version "anything";

in the options section of your named.conf.  Better than recompiling it

options {
        directory "/var/named";
	version "[Secured]";

};

You can do also in /etc/named.conf:

acl "trusted"   { {127.0.0/8; };
};

zone "bind" chaos {
        type master;
        file "/var/named/bind";
        allow-query { trusted; };
        allow-transfer { none; };
};

Then create this file in /var/named/bind:

TTL 1D
$ORIGIN bind.
@	1D  CHAOS SOA	localhost. 	root.localhost. (
			1
			3H
			1H
			1W
			1D  )
	CHAOS  NS	localhost.

This will disallow any query on version except from local host.

I dont know if this has anything to do with "bind" itself. but when you type nslookup then type: ls -d domain.com it will show you the zone file for that domain.   I'm not sure but I 'think' this only works if the domain is hosted on your nameserver.  If it's not, you can type : server ns.of-domain.com then ls -d domain.com and it should show you the zone files.  Try it out