Observation on FC2/Help on FC1

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Fri Sep 10 23:15:12 UTC 2004


On Sat, 11.09.2004, Kostas Sfakiotakis wrote at 0:38:

Hi Kostas :)

> Sorry for intruding,

No need for that.

> > nslookup -q=txt -class=CHAOS version.bind. 0
> 
> What does the above line mean ?

It queries the version of the named running, where 0 means localhost. So
for querying another DNS you have to exchange the 0 with the target
IP/name. Another example, with one German NIC server, dns.denic.de:

$ nslookup -q=txt -class=CHAOS version.bind. 81.91.161.5
Server:         81.91.161.5
Address:        81.91.161.5#53
 
VERSION.BIND    text = "DENIC-2.4.01.s39-OPS.js"

> Well, the only understandable thing I got from
> nslookup was that its use was deprecated.
> Other than that I tried giving the above command
> but the result was a lot different than a
> bind version.

This type of query is not necessarily reliable. Just see as a
counterexample:

$ nslookup -q=txt -class=CHAOS version.bind. ns1.redhat.com
Server:         ns1.redhat.com
Address:        66.187.233.210#53
 
version.bind    text = "eleventy-billion and threeve"

See i.e.
http://www.brandonhutchinson.com/Determining_hiding_BIND_version_number.html on how to "camouflage" this information bind gives by default. I think it answers your following question too.

> Are you asking the DNS Server to print its Version number,
> which is presumably stored in some sort of RR?

No RR. See the bind documentation on
http://www.isc.org/index.pl?/sw/bind/docs/config/options.php -->
"version
        The version the server should report via the ndc command or via
        a query of name version.bind in class chaos. The default is the
        real version number of the server, but some server operators
        prefer the string "surely you must be joking"."

> [root@Magellan root]# dig @10.0.0.1 version.bind CHAOS txt

[...]

> ;; ANSWER SECTION:
> VERSION.BIND.           0       CH      TXT     "Not available"

The admin of the DNS you queried has changed the version information.

> Alexander, well I have changed the actual IP address to a fake one,
> but other than that the output is original

On my FC1 system with bind running a dig @127.0.0.1 prints out:

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.2.2-P3"

>     Kostas

See to bind FAQ on

http://www.nominum.com/getOpenSourceResource.php?id=6
(linked from http://www.isc.org/index.pl?/sw/bind/)

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 00:55:18 up 11 days, 22:12, load average: 1.16, 0.94, 0.83 
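
The version.bind query discussed in this thread, as an added example that is not part of the original message: Python that builds the CHAOS-class TXT query in wire format, parses a reply, and reports whether the returned string looks like a real version number, which is how an operator can confirm that the `version` option took effect. The replies are constructed by `make_response` from strings quoted in the thread; the function names and the dotted-number heuristic are assumptions.

```python
import re
import struct

QTYPE_TXT, QCLASS_CH = 16, 3  # TXT record type, CHAOS class

def build_query(txid=0x1234, name="version.bind."):
    """Wire-format equivalent of: dig version.bind CHAOS txt"""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def parse_txt_answer(msg):
    """Return the first TXT string of the first answer record, or None."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    if ancount == 0:
        return None
    off = skip_name(msg, off)
    rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
    if rtype != QTYPE_TXT or rclass != QCLASS_CH or rdlen == 0:
        return None
    slen = msg[off + 10]  # TXT rdata is a length-prefixed character string
    return msg[off + 11:off + 11 + slen].decode("ascii", "replace")

def discloses_version(txt):
    """Heuristic (assumption): a dotted number such as 9.2.2 is a real version."""
    return bool(txt and re.search(r"\b\d+\.\d+\.\d+", txt))

def make_response(txt, txid=0x1234):
    """Constructed sample reply, so the example runs without a network."""
    header = struct.pack(">HHHHHH", txid, 0x8580, 1, 1, 0, 0)
    rdata = bytes([len(txt)]) + txt.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata
    return header + build_query(txid)[12:] + rr
```

To check a live server you administer, send `build_query()` over UDP to port 53 and pass the reply to `parse_txt_answer`.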




