Another common reconnaissance technique used by malicious users is to profile your DNS service. First a hacker makes a BIND version request. The server reports the version of BIND that’s running. Then the hacker compares the response to known exploits and vulnerabilities for that version of BIND.
To defend against this attack, configure BIND to report something other than its real version. To alter BIND’s version response:
Open a command-line text editor (for example vi, emacs, or pico).
Open named.conf for editing.
Inside the braces of the options statement in the configuration file, add the following:
version "[your text, maybe 'we're not telling!']";
Save named.conf.
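To confirm the change took effect, query your own server for its version banner and check that no version number comes back. The script below is an added example, not part of the original page; the function names and the "looks like a version number" rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify what a name server you administer reports as its version.
# Before checking, validate the edited file with named-checkconf and have
# named reload its configuration (for example with: rndc reconfig).

# Ask the server for its version banner. The banner is served as the
# CHAOS-class TXT record "version.bind".
# $1 = address of your own name server.
query_version_banner() {
    dig +short +time=3 +tries=1 @"$1" version.bind chaos txt | tr -d '"'
}

# Classify a banner string (assumed rule: digit, dot, digit means a version
# number is still being disclosed).
#   exposed   - banner contains something like 9.18.24
#   hidden    - banner is custom text with no version number
#   no-answer - empty reply (query refused, timed out, or not answered)
classify_banner() {
    case "$1" in
        "")            echo "no-answer" ;;
        *[0-9].[0-9]*) echo "exposed" ;;
        *)             echo "hidden" ;;
    esac
}

# Run the check only when a server address is given on the command line.
if [ -n "${1:-}" ]; then
    banner=$(query_version_banner "$1")
    result=$(classify_banner "$banner")
    printf 'server=%s banner="%s" result=%s\n' "$1" "$banner" "$result"
    # Non-zero exit status lets a monitoring job flag a regression.
    [ "$result" != "exposed" ]
fi
```

Run it with the address of your server as the only argument; an exit status of 1 means the real version is still being reported.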