Re: fingerprinting BIND 9.1.0

[Eric Limpens <eric () LIMPENS NET>]

On Mon, Jan 29, 2001 at 03:50:31PM -0800, Max Vision wrote:
> Hi,
>
> The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
> chaos record called "authors".  So now even if an admin changes or
> suppresses their version reply string, a remote user can still determine
> whether the server is running BIND 9.x.  With the recent discovery of the
> tsig bug in BIND there will probably be a huge rise in version
> queries.  Some attackers may remove ambiguity by skipping servers that
> reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).
>
> % dig @ns.example.com authors.bind chaos txt

For the absolute paranoid (all of us I guess), this patch will disable at
least that fingerprinting.

Eric

-------->8 cut here 8<-------
--- server.c.org        Tue Jan 30 20:25:57 2001
+++ server.c    Tue Jan 30 20:23:03 2001
@@ -1667,7 +1667,7 @@
        CHECK(create_bind_view(&view));
        ISC_LIST_APPEND(lctx.viewlist, view, link);
        CHECK(create_version_zone(cctx, server->zonemgr, view));
-       CHECK(create_authors_zone(server->zonemgr, view));
+/*     CHECK(create_authors_zone(server->zonemgr, view));*/
        dns_view_freeze(view);
        view = NULL;
-------->8 cut here 8<-------

--
GIT$ d+ s+:- !a C+++ UL++++ P+++ L+++ E--- W+ N++ o K+ w--
O- M- V- PS PE Y+ PGP++ t 5 X R- tv+ b++ DI++ D
G e h+ r y?