http://www.isc.org/products/BIND/
3. BIND Allow Version Request
Description:
BIND (Berkeley Internet Name Domain) servers support
the ability to be remotely queried for their version numbers.
Recommendation:
Disable the BIND version query feature.
Regarding item 3, everything online just tells you to fill in a version string, but how do I actually turn it off?
--
※ Posted from: PTT (批踢踢實業坊, ptt.cc)
◆ From: 140.138.32.31
※ Edited: litjoejoe from: 140.138.32.31 (12/12 21:21)
※ Edited: litjoejoe from: 140.138.32.31 (12/12 21:22)
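A question for the experts on this board: I've recently been playing with a vulnerability scanner.
I used it to scan my DNS server and it always reports the following 3 vulnerabilities, even after upgrading to BIND 9.4.2.
I've looked through articles online, but none of them say how to avoid these. Does anyone here know?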
1. DNS Cache Snooping
Description:
Remote DNS server is vulnerable to Cache Snooping attacks.
Recommendation:
Review the above mentioned paper for an overview of the implications
and recommended solutions to the DNS Cache Snooping attack. Ensure you
have the latest version of your DNS Server although this vulnerability
may be the result of configuration error.
The DNS Cache Snooping article contains a safe BIND configuration
that restricts recursive requests to trusted clients. Ensure DNS
servers that service untrusted networks only provide authoritative
data and do not respond to recursive requests.
2. BIND Allow Authors Request
Description:
BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information.
Recommendation:
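
A named.conf fragment for findings 1 and 3 above, added here as an example and not part of the original post: it limits recursion and cache access to trusted clients, as the scanner's cache snooping recommendation describes, and stops the server answering version.bind with `version none;`. The ACL name, address range and directory are assumptions; finding 2 (authors.bind) is not covered.

```conf
// Constructed example; the ACL name, address range and directory
// are placeholders to adapt to the local network.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;                 // assumed internal client network
};

options {
    directory "/var/named";       // assumed path

    // Finding 3: "version none" disables processing of version.bind
    // CHAOS TXT queries, rather than answering with a substitute
    // string such as version "unknown";
    version none;

    // Finding 1: only trusted clients may recurse or read answers
    // that are already in the cache. Without these limits, any
    // remote host can probe the cache to learn which names the
    // server's users have resolved recently.
    recursion yes;
    allow-recursion   { "trusted"; };
    allow-query-cache { "trusted"; };   // available from BIND 9.4
};

// On a server that faces untrusted networks and only serves its own
// zones, drop the three recursion lines above and use instead:
//     recursion no;
```

Run `named-checkconf` on the edited file before reloading named.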