請問一下版上的大大，最近在玩一套弱點掃瞄的軟體， 我用他來掃我的DNS，發現都會出下以下3個弱點，就算升級到BIND 9.4.2 還是一樣，找了網路上的文章，都沒有說怎麼避免，不知道有沒有大大知道的 1.DNS Cache Snooping Description: Remote DNS server is vulnerable to Cache Snooping attacks. Recommendation: Review the above mentioned paper for an overview of the implications and recommended solutions to the DNS Cache Snooping attack. Ensure you have the latest version of your DNS Server although this vulnerability may be the result of configuration error. The DNS Cache Snooping article contains a safe BIND configuration that restricts recursive requests to trusted clients. Ensure DNS servers that service untrusted networks only provide authoritative data and do not respond to recursive requests. 2.BIND Allow Authors Request Description: BIND versions 9.0 and later could allow a remote attacker to obtain sensitive information. Recommendation: http://www.isc.org/products/BIND/ 3.BIND Allow Version Request Description: BIND (Berkeley Internet Name Domain) servers support the ability to be remotely queried for their version numbers. Recommendation: Disable the BIND version query feature. 關於第3點，網路上都是教人填一個版本進去，但要怎麼關掉呢？ -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 140.138.32.31 ※ 編輯: litjoejoe 來自: 140.138.32.31 (12/12 21:21) ※ 編輯: litjoejoe 來自: 140.138.32.31 (12/12 21:22)